The Ultimate Guide to GDPR

The General Data Protection Regulation went into effect in May 2018, bringing the European Union data protection guidelines to all the member states. Each country committed to applying the measures in their national legislation. GDPR consent is fundamental, and if you don’t have a customer’s permission, you can be subject to fines and sanctions. But what does this regulation aim to do? What is its goal as technology gains more prominence inside corporations? 

GDPR Regulations: Requirements for managing and treating data

GDPR supersedes the European Union Data Protection Directive and establishes the requirements for organizations and enterprises to gather, store, and manage personal data. The risks of incorrectly treating personal data are lower in the face of more stringent requirements for organizations. The GDPR law applies in the following cases: 

• Companies that handle personal data and have their headquarters in the European Union, regardless of where they manage the data. 

• Corporations that have their headquarters outside European Union territory but handle personal data that pertains to goods or services offered to EU citizens or supervising the behavior of EU citizens. If a corporation does not have a headquarters in the EU but does collect information from EU citizens, they must name an EU territory representative. 

When GDPR refers to personal data, we refer to information about an identifiable person, such as their first and last names, address, passport/social security number (in the Spanish context, a DNI or national identity document number), income, IP address, and more. 

The arrival of GDPR led to a substantial change in the privacy policy and data protection policies for Spanish enterprises, albeit at a more gradual speed. They had a two-year margin to adapt their compliance to GDPR measures that had been under the European Commission’s Data Protection Directive (officially Directive 95/46/EC). An area that saw a significant impact on GDPR is marketing.

Does the US have any legislation similar to GDPR?

While there is no federal legislation to date, a similar law in California, the California Consumer Privacy Act (CCPA), went into effect on July 1st, 2020. A ballot measure for the California Privacy Rights Act (CPRA) passed in the recent November 3rd election. The CPRA clarifies some points in the CCPA and brings California’s data privacy laws more in lock-step with GDPR. When the CPRA comes into force in 2023, Californians “...will have a right to know where, when, and why businesses use their personally identifiable data.” With many of the industry’s power players based in the state, the repercussions on the tech industry are significant on the US and potentially global level. 

The close relationship between marketing and GDPR 

360° Marketing is one of the areas inside an organization that works most with customer data. They declared the GDPR guidelines advertising’s “most significant legal change in 20 years,” and 66% of marketing leaders believed it would make it onerous to foster more direct bonds with consumers. 

After having seen its effects, we have seen its impact was not so detrimental. Permission Marketing is now a prominent force, and while some enterprises have had more issues than others in initially adapting to the requirements, they’re currently operating smoothly. It also positively impacted “cleaning up” the market of companies that did not correctly manage data and were not up-to-date on marketing technology. 

The major update in GDPR is accountability. It refers to the person in charge of data processing must ensure that personal data processing remains within the law by applying necessary organizational techniques like GDPR cookie consent. In summary, not only is it enough to do things well, you have to show it and prove it at any time. 

To ensure you can apply accountability in your organization and ensure proper compliance with the GDPR text, we’ve prepared a GDPR marketing checklist with seven key points to consider to avoid critical errors. Remember that you must adhere to GDPR compliance if you don’t want to face a GDPR audit and end up with sanctions: 

7 GDPR points that you can’t miss

1 / 6