We all knew it was coming, but it’s finally arrived. Europe has taken a huge step towards implementing a pan-European data privacy law in the form of the General Data Protection Regulation (GDPR). The agreement, which has been in discussion for the past 4 years, was finally reached on Tuesday, December 15th, 2015. Although the new laws will not be enforced until 2018, it does mean there is now a finite window in which businesses need to reach the expected levels of data protection and privacy in order to remain compliant.
What’s in store?
Using the final approved regulation as a basis for what will become law, the changes are expected to range from ‘minor’ to ‘significant’ with regards to their impact on the world of B2B marketing and sales. In early 2016, the UK Government will begin to transpose the GDPR and create new legislation. Whether it’s registering as a data processor or controller, employing an in-house data protection officer, reporting data breaches in a whole new way, or refraining from profiling existing customers, businesses will have to adapt and develop. With privacy expected to be at the heart of all future processes and products, many organisations will need to start changing their approaches sooner rather than later if they are to stay within the confines of the new law.
Failing to comply
One of the main features of the previous drafts of the regulation which is likely to become law is the cost of failing to comply with the new GDPR. It was made clear from the beginning that the financial costs to organisations that failed to prioritise data protection and privacy would need to be increased and toughened, and this has certainly been shown to be true. In the regulation, the proposed repercussions for failing to comply are…
- Written warning - for individuals and small businesses who commit a first, non-intentional breach of the regulation
- A fine of up to €250,000 or 0.5% of the controller’s annual worldwide turnover - for a failure to provide an adequate mechanism for data subjects to exercise their rights
- A fine of up to €500,000 or 1% of the controller’s annual worldwide turnover - for a failure to provide adequate information to data subjects or to allow subject access, or to comply with the right to be forgotten
- A fine of up to €100 million or 2-5% of the controller’s annual worldwide turnover - for processing personal data without a valid processing condition, failure to comply with the conditions relating to profiling and other more serious breaches of the regulation
As you can see, with the risk of fines of up to €100 million, businesses need to use the next 2-3 years to ensure they are fully compliant when the new laws are enforced.
But don’t panic
This new GDPR is aimed at protecting the privacy of individuals, and although it will have an impact on B2B businesses, they are not the main target of the changes. Simply by amending current processes and procedures, organisations should be able to make the move to GDPR compliance fairly easily. Also, with many agencies and businesses staying laser-focused on the changes to the law, there will be plenty of support and guidance for B2B marketers and salespeople over the coming months and years.
To find out how the GDPR will affect your B2B business...