In particular, the impact we see this new set of consumer protections having for both marketers and customer data platforms.
These regulations, approved by the European Parliament, went into effect May 25, 2018, and come with heavy fines and penalties for non-compliance.
This is why most of the business world, but particularly companies in the EU or with a presence in the EU, are so concerned about what they need to do to ensure they comply with GDPR.
As it turns out, it’s not only lawyers worrying about it: Privacy officers and data controllers need to ensure compliance as well.
GDPR data protection law meant to protect consumers’ personal information
While GDPR brings the most stringent guidelines to date when it comes to how a company processes data, stores it, and uses it for their benefit, this discussion isn’t new. In fact, it’s as old as the internet:
In a recent BlueConic webinar, our team of experts detailed the four primary GDPR-related topics marketers need to focus on today: consent management, data portability, right to erasure, and right to rectification.
But we went one step further to help marketers such as yourself: We outline how BlueConic provides tools to comply with the data security and privacy rules through our new consent management functionality.
While we delve into the many details of GDPR and how everyone from established technology firms to burgeoning startups needs to meet all the mandates associated with it, some marketing pros need more guidance.
GDPR glossary for marketers
With that in mind, here are some essential GDPR terms to know — ones the supervisory authority monitoring brands’ progress with compliance would likely want you to memorize by heart and share with your teams.
- Data subject: An identifiable, natural person.
- Personal data: Any information relating to a data subject.
- Controllers: The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing the personal data.
- Processors: The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
- Third party: A natural or legal person, public authority, agency, or body other than the data subject, controller, and processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- Purpose: The stated reason for the data collection.
- Consent: Per GDPR, this must be: freely given (by “clear affirmative act”); specific, such that any unique purpose for the data collection is asked about distinctly; and in clear language (“[As an] informed and unambiguous indication of the data subject’s agreement to the processing of personal data”). Also, the burden of proof for consent lies with the data controller and data protection officer (DPO) for a given company.
Other GDPR consent insights
There’s an incredible amount of commentary and input on GDPR from folks across all industries, publications, and countries around the world. Check out some of these resources that we’ve found quite useful:
- Marketers Need to Know About GDPR: Frequently Asked Questions Answered (Gartner clients only)
- Countdown to the GDPR
- European Data Protection Supervisor
- International Association of Privacy Professionals
- Tackling GDPR compliance before time runs out
There will certainly be more to come about GDPR as it unfolds worldwide and, in turn, organizations of all kinds begin to implement their consent management strategies around GDPR.
One thing’s for sure: We’ll be discussing the data protection law often to keep you up to date.