Eoin Duffy delves into the forthcoming General Data Protection Regulations, and what it means for both businesses and consumers.
GDPR is an acronym you may not be familiar with just yet, but it is one you really should know about given the role it will play in changing your online experience over the coming months.
The General Data Protection Regulation (GDPR), a series of laws approved by the European Parliament in 2016, proposes drastic changes to the way our personal data will be held by businesses when it comes into effect on the 25th of May 2018.
“Upon its introduction, the power and control over our data will be fully reinstated into our own hands.”
In a world where data is ‘the new oil,’ our private information is of incredible value to those companies who possess it. The wealth of personal information readily available to the likes of Facebook, Google, and other organisations allows them to target us as consumers in ways we sometimes don’t even realise. While it can be argued that access to our annual incomes, browsing histories, and locations enables these companies to offer us direct marketing more suited to our interests, a fundamental question still exists: where do we draw the line?
Essentially, GDPR will now allow us to draw that line for ourselves. Upon its introduction, the power and control over our data will be fully reinstated into our own hands. In the case of Facebook, the organisation will no longer be allowed to use the personal data they hold on users for advertising purposes without permission. Another critical development will be in the right to be forgotten. While companies will only be entitled to store user information for a period “no longer than is necessary for the purposes for which the personal data are processed,” the new regulations will also grant users the power to have all collated data erased at their request.
“As of now, when we scroll through our Facebook, Instagram, or Twitter feeds, we are inundated with ads directly targeted at us as individuals, based on the information the company holds on us.”
GDPR identifies a broad spectrum of what constitutes personal information. From basic data such as name or address to more discrete personal details such as political preferences or sexual orientation, the new regulations propose to provide the same level of protection for all.
So what impact will these new standards have on the way we, as consumers, view online advertisements in the future? As of now, when we scroll through our Facebook, Instagram, or Twitter feeds, we are inundated with ads directly targeted at us as individuals, based on the information the company holds on us. While generally accurate to our interests or needs, the ethical concerns surrounding these ads are widely debated. Are relevant advertisements really worth a potential invasion of online privacy? With many people seriously wary of handing over personal information to companies online, while others believe it to be a worthy trade-off, the critical factor associated with the GDPR is that it now gives us greater control over that choice. It may appear on our screens as ‘opt-in’ or ‘opt-out’ options of targeted advertising, but one thing is clear; consent must be explicitly given.
“68% of U.S.-based companies expect to spend between $1 million and $10 million to meet the GDPR requirements.”
As with any new regulations, it is imperative that the rules are both understood and followed by all those affected. Significantly, it is clear that the European Union are serious about enforcing compliance with the GDPR. With reported potential fines of up to €20 million or 4% of global annual turnover, we can see that the EU intends to severely punish those companies who fail to meet the standards set by the new regulations.
For any company that stores information about EU citizens, the GDPR proposes a testing few months ahead. As reported by a recent PwC survey, 68% of U.S.-based companies expect to spend between $1 million and $10 million to meet the GDPR requirements. The combination of this and the prospect of non-compliance fines on the horizon shows that the regulations bring about serious financial considerations. More importantly for these data-collecting organisations, the need to ensure their ability to actually obtain user information is crucial.
Now, more than ever, it will be vital to ensure a transparency and authenticity across all business operations to encourage users to feel comfortable in handing over their information. Businesses may also start to consider other initiatives to secure the data they so desire. Perhaps new incentive schemes could be explored to provide individuals with a more attractive trade-off, with special offers or benefits received by those who “opt-in” to the service. Similarly, companies may seek to invest more into building the reputations of their brands to be perceived as a place where their user-information is both respected and protected. In any case, the new regulations have given firms across the EU plenty to consider.
In summary, it is evident that the GDPR is set to shake up the digital marketing landscape dramatically. While it proposes a new challenge for companies who gather and store consumer data, it grants a new power to the individual, who will now have greater control over their information.