Direct marketing: GDPR will bite in 2019
On May 25, 2018, the EU implemented the General Data Protection Regulation – one of the most stringent privacy and security laws ever enacted.
Regulators will be pleased with the level of engagement so far. A report on the awareness and understanding of the Regulation at the end of 2018 showed that 88% of Irish businesses were confident that they had interpreted their regulatory obligations correctly, with 84% claiming to be satisfied that they were materially compliant1.
There is certainly a strong awareness of data protection, and many organisations take their responsibilities seriously in relation to the management and use of personal data. This will no doubt increase, as there is a clear expectation that GDPR will begin to bite this year. There were 3,500 breach notifications and 2,500 complaints in 2018 and the Data Protection Commission (DPC) is currently investigating 16 cases targeting big technology companies. We can expect to see several GDPR-related fines applied this year. However, the DPC’s role is not just to wield a big stick; it also has a mandate to assist organisations and help them get GDPR right from the beginning.
A key concern is that many companies have been distracted by their privacy and cookie policies and haven’t focussed sufficiently to ensure that data is held securely and is only available to authorised personnel. This is a big watchout for 2019.
The impact of GDPR will continue to increase and grow throughout 2019 as the processes and standards that we put in place in 2018 begin to be tested. Therefore, it is imperative that your organisation gives continuous care, focus and investment to the collection, storage, management and use of personal data.
GDPR has created some issues, such as the introduction of consent pop-ups that relentlessly interrupt our online experience. More concerning, however, is that people may click ‘agree’ on these pop-ups without being fully aware of how the websites and platforms concerned capture and use their data. The new EU ePrivacy Regulation will address this concern.
EU ePrivacy Regulation
The greatest impact for direct marketing will arguably come from the EU ePrivacy Regulation, expected to be introduced in 2020, which will apply to any business that engages in electronic direct marketing, uses online tracking technologies or provides any form of online communications service. This Regulation will take precedence over GDPR regarding any electronic communications.
The ePrivacy Regulation is currently working its way through the EU legislative process. A major element of the current draft focuses on setting blanket cookie acceptance or refusal at browser level, with GDPR-level penalties for non-compliance. While further changes are expected to the draft Regulation, it is important that organisations begin to review its implications now and plan accordingly.
1. Mazars and McCann FitzGerald (2018)
2. TNW (2019)