The General Data Protection Regulation (GDPR) is a piece of legislation that will come into force across the European Union on 5/15/18. It was adopted on 4/14/16, takes effect after a two-year transition period, and replaces the 1995 Data Protection Directive. Because GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable. If you process data about individuals in the context of selling goods or services to European citizens in any EU country, you will need to comply with GDPR. For companies that operate in European markets or have actual or potential customers within those countries, strict compliance with GDPR is mandatory, and the penalty for failing to comply is potentially a major fine. We’re talking about 4 percent of your global annual revenue up to $20 Million Euro, that’s $25.2 Million U.S. dollars! So what is GDPR and how do you comply?


GDPR was drafted to protect all non-anonymized personal data. Any company or organization that stores or processes personal information about natural persons (individual human beings) who are data subjects under the regulation, defined as European citizens who reside in an EU state, must comply. Simply put, you can’t just profit from personal data anymore if the data relates to European data subjects. As stated in paragraph 70 of the preamble, where personal data is processed for the purposes of direct marketing, the data subject should have the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time and free of charge. That right should be explicitly brought to the attention of the data subject and presented clearly and separately from any other information. Types of data at stake are name, address, phone number, IP address and cookies, race, religious affiliation, health and genetic data, biometric data, and sexual orientation and gender preference.


So what matters to digital marketers? Storing or processing of personal data can be undertaken only if one of the following applies: the data subject has given consent to the processing of their personal data for one or more specific purposes; processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract; processing is necessary for compliance with a legal obligation to which the controller is subject; processing is necessary to protect the vital interests of the data subject or of another natural person; processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


Moreover, according to Article 12 of the GDPR, the data subject has other important rights. These include knowing what data has been collected and how such data has been processed; restricting the processing of inaccurate data; being asked for freely given and explicit consent to process and store personal data, in clear and plain language separate from other information; requesting and receiving their personal data from a controller in a format easily transferable to another data controller; and withdrawing consent and asking for personal data to be erased and no longer processed, as stated in paragraph 65 of the preamble.


So how do you comply? To be compliant, organizations must ensure that consent for processing and storing personal data is freely given, with that consent sought in clear and plain language and separately from other information. Simply put, organizations must explicitly educate users on how they plan to use their personal data, on an opt-in basis. Organizations also can’t restrict website usability or services if consent wasn’t given. Consent is not required for cookies that are used specifically for collection of non-sensitive personal data. Companies that allow third-party cookies on their sites can still be held liable for violations associated with data collection. Compliance can be attained by launching an opt-in banner immediately when a user enters a site. Companies should also make their privacy policies clear and accessible to users. Companies also need to ensure their data vendors and partners are handling and processing their data consistent with GDPR. A possible solution is gated content, which requires a form to be completed before the content can be viewed. Article 7, though, states that consent is not freely given if users can’t get a contract performed or a service provided without offering up their data, where the data isn’t necessary to perform the contract or provide the service. Regarding children, a child must be at least 16 years of age for their data to be collected and processed; ages 13-16 need consent from the child’s parent or legal guardian, and collection under the age of 13 is prohibited. Also, language seeking children’s consent must be easily understandable. 64% of U.S. companies are looking to centralize their data centers in Europe. 54% plan to de-identify or anonymize European personal data.


GDPR is perhaps the most far-reaching and complex data regulatory framework ever. Smart marketers, though, can take advantage of this. 32% of companies plan to reduce their European presence and 26% intend to exit the EU market altogether. This reduces competition. You could make data privacy a feature of your brand. You can promote the measures you take to protect and respect your customers’ data. This will separate compliant marketers from shady marketers. GDPR gives you new opportunities as a marketer while protecting you. It will help you to be a better marketer. So be great!


We write this blog to help small business owners with their dilemmas, because that is who we are, and those are our clients.

Thank you for reading the 1100 KFNX Blog.

If you would like to get more information on 1100 KFNX, visit our website at:  www.1100kfnx.com

To learn about our advertising and show opportunities, visit the FAQs section of the website, with specific FAQ Blogs and Videos.

Please fill out the ‘Contact Us’ form to be sent information, or you can contact Francis Battaglia, President, directly.






