GDPR Text and Policy
What does the GDPR Text and Policy mean for UK marketers?
Understand how and why the EU General Data Protection Regulation applies to you.
In a data-driven marketing world, the aim of the GDPR text and policy is to protect all EU citizens from privacy and data breaches. Essentially the new General Data Protection Regulation is about the balance between the right to privacy versus the right for businesses to “sell stuff” to individuals. While the key principles of data privacy still hold true to the previous Data Protection Directive, many changes have been made to account for the way we handle data.
This text and policy isn’t just for B2C audiences either. It applies to all data that can be used to identify an individual, including their business email address. As B2B are marketing to real, living individuals, they will have to abide by the GDPR rules too.
What you need to know
Why the GDPR has replaced the Data Protection Directive
Because of the way we have used the technology and data at our disposal, the law has changed as to HOW we can use that data and technology. We weren’t paying as much attention to the difference between the right to privacy and the right to market to someone as we should have been. Now the law is changing to make sure consent is in the customer’s hands.
Who does the GDPR Text and Policy apply to?
The GDPR applies to all companies processing the personal data of individuals residing in the EU. This applies regardless of the company’s location. So whether the data processing takes place in the European Union or not, the GDPR is completely clear in its applicability. The GDPR applies to the processes of personal data of data subjects in the EU by a controller or processor, even if they are not established in the EU. Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the European Union.
What happens if you don’t comply with the new GDPR policy?
Failure to comply to the GDPR will see organisations fined up to 4% of their annual global turnover or €20 million, whichever of the two is greater. This is the maximum fine that can be imposed for serious infringements. Serious infringements would include not having sufficient customer consent to process their data. These rules apply to both controllers and data processors, so there are no exemptions from the GDPR when it comes to ‘cloud’ data.