What You Should Know about General Data Protection Regulation (GDPR)

January 9, 2018 Ginna Hall

The EU’s sweeping data reform regulation -- GDPR -- went into effect on May 25, 2018. This has been on the horizon since 2016, when the European Commission issued a press release outlining data protection reform and its goal to “make Europe fit for the digital age.”

“The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.” -- from the EU GDPR Portal

The implications for companies everywhere are enormous. Brands, especially B2C companies, will feel the impact of this new regulation for some time, since a majority of them are gatekeepers of customer data.

Currently, many marketers do not completely understand the implications of GDPR. In fact, before May 25, almost half (48%) didn't believe their teams were fully aware and over a quarter admitted their websites were unlikely to be compliant by the end of May.

The penalties for being out of compliance can be severe. Businesses that do not comply can be fined up to 4% of annual global revenue or €20M ($27M) for breaching GDPR.

Here’s a brief overview of what you need to know about GDPR. More information about the regulations can be found on the EU GDPR's official site.

What changed in May?

GDPR outlines new rules for collecting and recording consumer consent to be contacted, making requests for personal information much more transparent. To comply, businesses must meet strict new requirements.

Who does the GDPR apply to?

GDPR applies to all companies processing and holding the personal data of “data subjects” residing in the European Union, regardless of the company’s location. Any business with customers in the European Union must adhere to GDPR rulings.

According to the United Kingdom’s Information Commissioner’s Office, the GDPR applies to both data ‘controllers’ and ‘processors’.

  • A controller determines the purposes and means of processing personal data.
  • A processor is responsible for processing personal data on behalf of a controller.

For example, a brand may be a data controller, while its Data Management Platform (DMP) vendor is a data processor.

If you are a processor, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach. If you are a controller, you must ensure your contracts with processors comply with the GDPR.

What are the goals of GDPR?

The new regulations are designed to achieve four main objectives:

  1. Protect -- the personal data of EU citizens
  2. Unify -- the duties and responsibilities of controllers and processors
  3. Control -- give control to data subjects over their processed data
  4. Simplify -- the means of data collection and processing

What constitutes personal data?

GDPR defines personal data as any information related to a person or “data subject” that can be used to directly or indirectly identify the person. This can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

How do I get started?

Here are six initial steps you can take to prepare for GDPR.

  1. Understand the risks of noncompliance and assess your approach to GDPR.
  2. Identify the types and locations of data you have from consumers, customers and employees.
  3. Ask your vendors about the steps they are taking to protect your customer data.
  4. Educate your team so they understand their role in remaining compliant.
  5. Consult with a specialist to ensure that your company’s specific model of data collection and sharing is in compliance.
  6. Embrace GDPR compliance as an opportunity for more targeted marketing and stronger customer relationships.

A New Era of Privacy Protection

Digital marketing is complex, with companies managing multiple platforms and vendor relationships. This new regulation will have a significant impact on how brands communicate with their customers. But looking at the big picture, we believe GDPR will move brands towards a new era of transparency in customer interaction and engagement. Stay tuned to our blog for more information.


Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now

Guide to the General Data Protection Regulation (GDPR)

Getting ready for the GDPR Checklist
