
New rules of Digital Marketing 25 May 2016


There are new rules for Digital Marketing: any organisation selling to Customers in the EU must comply with the General Data Protection Regulation by 25 May 2018 or face fines up to 4% of global turnover. The laws apply to all organisations worldwide, no matter where they are incorporated. Businesses have just 2 years to comply.

Published in: Marketing

  1. The New Rules OF DIGITAL MARKETING
     Valid globally from 25 May 2016
     Obligatory for ALL organisations with Customers in the EU, no matter where they are incorporated.
     Text © Andrew Sanderson | as@ansaco.de | +49(0)16093463401 | v1.1 May 2016 | Design elements inspired by Monopoly game owned by Hasbro.
  2. ! Important ! Name Change
     The activities that used to be known as:
     • Digital Marketing
     • Online Marketing
     • Performance Marketing
     • eMail Marketing
     • Direct Marketing
     • Inbound Marketing
     • Outbound Marketing
     • eCommerce, eShop
     • … and others
     … in fact, any business activity that uses data about EU prospects or customers for personalised communication or one-to-one marketing …
     will now be known as: EU DATA PRIVACY COMPLIANCE
  3. When the New Rules apply:
     EU General Data Protection Regulation (GDPR)
     • Comes into force: 25 May 2016
     • Two year grace period for international business to adapt processes
     • After 25 May 2018, sanctions will be applied for Non-Compliance
  4. Who the New Rules apply to:
     If your organisation stores and processes data about EU Citizens:
     • Contacts
     • Prospects
     • Customers
     Also:
     • Business Partners
     • Channel Partners, Distributors, etc.
     • Staff
     The New Rules apply no matter where your organisation is incorporated.
     • European Community
     • Other European country
     • North Americas
     • Central and South America
     • Africa
     • Middle East
     • Asia & Pacific
     • Australasia
  5. The New Rules
     The "EU General Data Protection Regulation"
     The full-length official title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data …
     Available in PDF format, in 24 languages, from this web page: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
  6. What's it all about?
     REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
  7. 1: Protection of Natural Persons
     The European Union takes protection of personal privacy very seriously. The first paragraph of the new Law states:
     The protection … of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.
     The customer has a right to privacy: marketers must have their permission to communicate, promote or sell.
  8. 2: Personal Information
     European Law uses a very wide definition of Personally Identifiable Information (PII): "Data that, alone or in combination, identifies an individual …"
     It includes:
     • Explicit data: captured online or offline
     • Implicit data: click behaviour, cookies, metadata, IP addresses
     • Stored in computers, networks, Clouds, as-a-Service Systems
     Watch out if you combine data from multiple sources to build a more complete view of your customer – especially sources like Social Media.
     The safest policy for international Marketers is to treat all EU customer data as Personally Identifiable Information (PII).
  9. 3: Data Processing
     The scope of the EU Law is not limited to in-house systems like CRM. It also covers all the 3rd Party systems in your Marketing Technology Stack:
     • Advertising & Promotion
     • Content & Experience
     • Social & Relationships
     • Commerce & Sales
     • Data, Analysis & Reporting
     If you can answer questions like "who did what?", you're processing Personally Identifiable Data and you're analysing individual Customers. It's allowed – but only if you can prove that you got Permission from the Customer before you started doing the analysis.
     PLATFORM AS-A-SERVICE | SOFTWARE AS-A-SERVICE | INFRASTRUCTURE AS-A-SERVICE
  10. 4: Movement of Data
      International marketers need to move customer data around: from system to system; from one team to another; from one country to another.
      When you move data about EU citizens around your company or around the world, the new EU law clearly defines what you have to do to make those data transfers legal.
      The EU rules are strict. For example: if users outside the EU can login to a system that displays PII about EU Customers, data has been 'exported'.
      If your organisation is incorporated outside the EU, you'll need to build a lot of new processes and do a ton of documentation to prove compliance.
      COLLECT CUSTOMER INSIGHTS AS YOU PASS | ONE-TO-ONE MARKETING | PERSONALISED MARKETING | BUDGET CUT | GIVE 50% OF YOUR CASH BACK TO THE BOARD
  11. Compliance
      The key principles of EU Privacy laws are:
      • fairness, lawfulness and transparency
      • purpose limitation
      • data minimisation
      • data quality
      • security, integrity and confidentiality.
      New Principle: Accountability of Data Controllers
      Data Controllers - the people who decide what data is used and how. They're responsible for demonstrating compliance with EU data protection principles. Ultimately, that means the CMO.
  12. Non-Compliance
      National Data Protection authorities (DPAs) in Europe are empowered to initiate court cases against companies. The court will be European; EU law will be applied.
      Processes and practices for storing and processing data about EU citizens must comply with EU law. In addition, you must be able to prove compliance in a court of law, which means documentation and a paper trail:
      • Data flows and information processes
      • Who made decisions, when, how & why
      • Privacy Impact Assessments
  13. Sanctions
      Companies that violate the Privacy rights of EU citizens will be fined. There are two tiers of administrative fines:
      1. Some contraventions will be subject to fines of up to € 10 Million or, in the case of a business, 2% of global turnover, whichever is the higher
      2. Other contraventions will be subject to fines of up to € 20 Million or, in the case of a business, 4% of global turnover, whichever is the higher
      Violations of basic data processing principles, consent, rights of the individual, data export will receive Tier 2 fines.
  14. GDPR - Quick Check Flowchart
