Digital businesses and organisations of all sizes will be aware of the myriad of laws and regulations when operating in or across EU markets.

Top of the list will be data protection and privacy law as many organisations become more data-driven in the quest to monetise their digital offering by delivering a more customised user experience.

However, the next few years will see a ‘sea-change’ in privacy and data protection law: organisations face a new privacy challenge.

Enter the EU General Data Protection Regulation (GDPR)

Organisations have only just got used to the changes brought in by the revised ePrivacy Directive (the so-called ‘cookie law’), which replaced the ‘notice and opt out’ provisions for the use of cookies and other technologies with ones based upon ‘consent’. Now European policy-makers have agreed an update to the existing data protection legal framework dating back to 1995 (in the UK, the 1998 Data Protection Act).

Known as the EU General Data Protection Regulation (GDPR), it is expected to be formally agreed in the coming months, although it won’t actually come into force until mid-2018.

However, after nearly four years of debate and discussion in Brussels, it introduces new aspects that will require a different approach.

It won’t overhaul existing data protection law completely but organisations need to sit up and take note now.

So what’s new?

There has been a wide range of debate about the new regulation: Will it place too many restrictions on the use of data? How will the ‘open’ internet fare? Is it a ‘milestone’ for the digital world?

The devil is in the 200+ pages of text, but there are four specific changes to be aware of now:

1. It aims to deliver ‘one law across one continent’.

In updating the existing framework, the policy-makers in Brussels wanted to take into account the world we live in today where vast amounts of digital information are collected, exchanged and used every second.

They also sought to recognise that this world is global. To this extent, the new law is what is known as a ‘Regulation’.

So, unlike the ‘cookie law’, it will apply consistently across EU markets. However, in reality, many aspects are devolved to national jurisdictions.

2. Its scope is broad.

The drafters will argue otherwise. But, with a few exceptions, all data is now ‘personal’ whether it directly identifies an individual or not.

Therefore, in practice, a lot more data is swept up in the regulatory net.

3. The new law’s influence stretches beyond European shores in an attempt to recognise the global nature of data.

If an organisation is processing personal data about a person who is in the EU then the rules will apply regardless of where the organisation is located. 

4. The penalties for a breach have been ramped up.

For serious violations the fine is €20m or 4% of annual global turnover, whichever is higher.

A need for consistent & practical EU-wide guidance

The political necessity to find an agreement in Brussels before Christmas contributed to many aspects of ambiguity in the final text.

But we should be used to this from policy-makers by now and, while organisations seek legal clarity, this may not be such a bad thing given what was on the table six months ago.

While the Regulation will be done and dusted by the middle of this year, there will be a need for consistent and practical guidance across Europe, particularly on areas such as ‘consent’.

Working with industry, Data Protection Authorities (DPAs), such as the UK Information Commissioner’s Office (ICO), need to produce consistent EU guidance to help deliver practical, realistic and creative ways of achieving compliance.

The experience of the ‘cookie’ law illustrates only too well that we require something that actually works for users: improving their control without interrupting their experience.

What about the Cookie Law?

The revised ePrivacy Directive stays in force for now.

However, it will eventually need to align (specifically Article 5.3 regarding cookies, etc.) with the new Regulation to ensure organisations do not face ‘double-regulation’.

There are many different views on its future and work is already underway to review it in Brussels.

Next steps

It is clear that, in the next few years, the data protection and privacy landscape is going to change.

The ICO, the UK body that will enforce the new law, has already kicked off its implementation process and it will soon have a new section of its site dedicated to this.

It is worth organisations following this and the ICO’s updates. Those businesses and organisations that get out in front are likely to gain the advantage.


Published 18 February, 2016 by Nick Stringer

Nick is a Digital Media Consultant specialising in Regulatory Affairs & Public Policy. You can follow him on Twitter or connect via LinkedIn.


Comments (2)


William Yates, Client Services Director at Novacom Corporation

Good article Nick, thanks for sharing. This is an increasingly important area for focus for marketers given the potential legal and financial risk. We published an article on this last year which you may find interesting: http://www.novacomcorporation.com/blog/2015/10/data-security-and-gdpr-how-to-mitigate-cybercrime-and-legal-risk/

10 months ago


Caroline Smith, West Europe Head of Digital Engagement at 3M United Kingdom PlcEnterprise

Great helpful article Nick. Thank you.

10 months ago
