The EU's General Data Protection Regulation (GDPR) is set to go into effect on May 25. It will dramatically change current data privacy laws throughout Europe, strengthening the protection of personal data.
If they want to avoid hefty penalties, companies that conduct business in the EU—or even process personal data originating from the EU—need to ensure their business practices adhere to the new law's strict guidelines.
However, according to a recent report by Forrester Research, only about one-third of global companies say they are prepared for GDPR. Many have not yet completed the required work, which includes a data discovery process, data classification, data flow maps, and impact assessments—all of which will evolve their operating model toward privacy by design and by default.
One of the most important factors for companies to consider is GDPR's expanded definition of what is considered personal data. Under the previous regulations, for example, information such as age, race, gender, geographic location, and job title were protected because they could be used to identify a specific person.
However, the new set of regulations broadens the data deemed personal to include medical information, pseudonymous data, cookie IDs, device IFAs, and other unique identifiers, such as IP addresses—which is particularly crucial for ad tech companies that harness first- and third-party data to help advertisers target viewers on over-the-top (OTT) or via connected TV devices.
To be clear, companies can still process personal data, but GDPR requires action and compliance, which may include collecting users' consent or explaining their "legitimate interest" in processing that data.
The following infographic by SpotX, a video advertising and monetization platform for publishers, explains the history of GDPR and its goals, and provides a road map to compliance.
CCPA and GDPR Resources on MarketingProfs
- CCPA Is Here, But Not Enough Marketers Are Paying Attention
- 10 Steps Marketers Can Take to Prepare for 'California's GDPR'
- GDPR vs. CCPA: Data Privacy and US Marketers [Infographic]
- CCPA: Questions of Privacy, Compliance, and Enforcement
- What You Need to Know About GDPR and Data Privacy: Lisa Loftis of SAS [Podcast]
- GDPR Is Already Here: A Simple Marketing Guide for Compliance
- What CMOs Need to Know About the Looming General Data Protection Regulation (GDPR)
- A Marketer's Checklist: Are You Ready for GDPR Compliance? [Infographic]
- What Is GDPR, and How Can It Impact Your Business? [Infographic]
- Are You Ready for GDPR? [Infographic]
