The roll-out of the General Data Protection Regulation in Europe next May will be spotty.
Like most government crackdowns, GDPR—mandating that marketers protect consumers' privacy and data—will be rigorously enforced in northern nations, lazily enforced in southern ones.
But if you do a lot of business up north, you should take steps now to comply. Experts recommend you:
- Appoint a "data czar" to police your marketing activities
- Get a third-party checkup of your data's health
- Segregate lists affected by GDPR, so you can treat them differently
- Confirm your suppliers will be compliant by May
- Sign up for "ready-made" solutions, if you're still worried
Unlike many current consumer protection laws, GDPR is tough.
Screw up, and you could face fines in the millions.
Screw up, and you could face fines in the millions.
GDPR disallows, for example, "soft" opt-ins, so you'll have to dump lists that aren't rigidly permission-based. It also grants the "Right to Be Forgotten," so you'll have to delete old web posts anyone could reasonably claim are inaccurate or defamatory. And it punishes marketers who make it at all troublesome for consumers to opt out of their lists.