In May 2018, all multinational marketers will have to comply with the EU’s General Data Protection Regulation (GDPR), which governs consumer data collection, storage and usage practices. But many of them remain unsure about what they need to do.
The legislation, which is designed to give consumers in the EU more control over their personal data, lays out requirements for data collection, storage and use, and will impose potentially devastating fines on companies with poor data-handling practices or that experience data breaches in which they are found at fault. Regulations may be limited to the personal data of consumers residing in the EU, but they apply to any company handling, transmitting or storing that data, whether it has a physical location in the EU or not.
Today, the majority of companies feel unprepared for GDPR and all that it requires. Some are working on what could be called table stakes: reworking privacy policies and implementing consent practices. Just as many have moved on, perhaps to struggle with “privacy by design” principles and properly modify their data collection and purging practices for the road ahead.