January 25, 2016

How to catch-up on EU Data Protection changes

By Paul Laughlin

EU Data ProtectionAre you ready for impact of new EU Data Protection regulation to your business? Have you updated your data strategy? Are you planning to appoint a CDO?

When it comes to new EU regulation affecting businesses, it seems one of two problems are common. Either such regulation is foisted on unsuspecting business leaders, with little consultation (as we saw was the case for new EU VAT rules).

The other problem is debate & changes to potential regulation dragging on, for so long that most people get bored, so they stop paying attention.

Ironically the results of both approaches are often the same, businesses unprepared for impact & left scrambling for tactics (rather than a carefully thought through strategy).

I fear the latter risk is exactly what is happening with the now agreed EU Data Protection Reform.

For those already bored by this subject, I sympathise. But I urge you to read on, as the impact on your insight strategy may be greater than you suspect.

We’ve mentioned previously the critical importance of data teams & data models, plus how fundamental your effective data management is to all you want to do with analytics & research. After all the standoffs, changes & scare mongering – it looks like this new EU regulation is a fairer compromise than expected.

A good overview of the ethos behind EU changes can be found in this Guardian news article:

EU agrees draft text of pan-European data privacy rules

Europe has taken a big step towards stronger, pan-European data privacy laws, after agreeing the text of new reforms. The agreement, four years in the making, comes after six months of “trilogue” negotiations between the European Commission, the European parliament and the Council of the European Union, in the last legislative session of the year.

For more detail, I suggest checking out this article by Computer Weekly. Helpfully they include videos to talk your through the highlights:


Not surprisingly, the impact of changes that has sparked the most interest from businesses have been: (a) the potential scale of fines = up to 4% of global gross revenue; (b) requirement to appoint registered Data Protection Officers = for public bodies & firms with large-scale data processing firms.

However, beyond just thinking of direct cost impact, I would also urge Customer Insight leaders to consider the impact of both wider definition of “personal data” and consent capture required. Although the latter has not gone as far as many marketers feared (it does not require explicit consent in all cases), nevertheless the greater transparency needed in telling consumer how their data will be used. For analytics & database marketing teams, a key part of this is needing to be explicit about the intention to use data for “profiling” and the right of consumers to withdraw their consent of this data analytics or modelling.

Even having the flexibility for some data to be used for analytics & targeting, some just for marketing & some not for some media — will be a significant step forward for a number of companies. I would recommend conversations starting as soon as possible between IT and Marketing teams as to how this would work.

As we’ve said before, close working between Marketing, Insight & IT is going to be key going forwards.

Having shared all those summaries, the best one I have found is one published by Data IQ Magazine. In this article, Peter Galdies from DQM usefully focusses on all the main impacts you need to consider when reviewing your response:

A Summary of the EU General Data Protection Regulation

In December 2015 the long process of agreeing a new set of legislation designed to reform the legal framework for ensuring the rights of EU residents to a private life was completed. This was ratified in early 2016 and becomes widely enfor…

So, I’d recommend organising a meeting ASAP to review those points with your Marketing & IT peers.

Do you agree? How are you preparing your business?