Don-Alvin Adegeest
On 25 May the General Data Protection Regulation (GDPR) is coming into effect. The law will affect all fashion brands and companies that use data to make informed decisions about consumer purchase behaviour, from location-based marketing to social media analysis to browsing history.
The GDPR will enforce rules for the collection, processing, and transfer of personal data and replaces an outdated European law from 1995. This is why many companies and brands that send regular newsletters are asking their users to opt in again.
What is the purpose of the GDPR?
The GDPR harmonizes data privacy laws, granting greater privacy rights and protections to EU data subjects (i.e. EU citizens), imposing new obligations on data controllers and processors, and levying potentially severe penalties for non-compliance.
Brand checklist for data collections
While the regulations are complex, a total of 99 articles written over 200 pages, companies can assess their own data collection and storage practices, according to Hubspot. For example, which personal data is collected and stored? Has it been obtained fairly? Were the necessary consents required? Were the data subjects informed of the specific purpose for which it will be used? Will the data be transferred outside the EU and, if so, are adequate protections in place?
What are the consequences of non-compliance?
Companies that fail to comply with the new law will see draconian fines: 20 million euros or 4 percent of global revenues, whichever is greater, will be levied against businesses that fail to comply. While all companies are vulnerable, those with poor data-protection practices or those that incur data breaches due to their own negligence are particularly exposed.
How will consumers benefit?
Companies must protect an individual’s IP address or cookie data with the same rigor as a name, address, and Social Security number. In addition, consumers may demand at any time that companies and third parties erase any personal data. This means companies must create new systems that put privacy first, not as an afterthought.
For more information about the requirements and impact go to The EU General Data Protection Regulation.
Photo credit: Digital Guardian