The document discusses the General Data Protection Regulation (GDPR), highlighting it as a significant change in EU data protection law affecting all companies handling personal data in Europe. Key requirements include obtaining explicit consent for data processing, ensuring transparency about data usage, and recognizing customer rights such as access to and deletion of personal data. Organizations have until May 2018 to comply with these regulations, which also impose severe penalties for non-compliance.

1. Customer Managed Relations
The CMR Agency
General Data Protection Regulation
Introduction for Marketeers

2. “Biggest change to EU data protection law
for two decades" - SC Magazine

3. "GDPR as the biggest legal change of the
digital age" Mark Lomas- Cap Gemini
"This is perhaps one of the most
significant milestones achieved in data
protection in our lifetime and the
democratisation of the world’s biggest
single digital market is now complete".
Jan Philipp Albrecht MEP

4. € 20 million
4% of annual
world wide
turnover
Fines– up to … the higher of

5. GDPR - reality
GDPR is for all
companies, big and
small
For B2C and B2B,
staff and suppliers
Online and offline
data
You have to do much
more than only
reviewing current
privacy policies
Consent to use
personal data
requires positive
action by the
individual
The requirements
for obtaining
consent for the use
of cookies have
become more
extensive.
Applies to personal
data processed
manually and
automatically
Applies to all
companies active
with personal data
in Europe
The size of your
company is not
relevant for the
requirement of a
Data Protection
officer

6. As from 25 May 2016, organisations will have 2 years
to implement the new law before it will be enforced by
national data/privacy institutions
However, European citizens can already rely upon the
law in civil procedures since it is already effective now
GDPR –now?

7. Any information relating to an identified or identifiable
natural person “data subject”; an identifiable person is
one who can be identified, directly or indirectly in
particular by reference to an identifier… or to one or
more factors to the physical, genetic, mental,
economic, cultural or social identity of that person
Such as: online identifiers, location data, identification
number (device identifiers, cookie ID’s IP addresses
RFI-tags)
Personal Data

8. Principles of Personal Data
Lawfulness,
fairness and
transparency
Purpose
limitation
Data
minimisation
Accuracy
Storage
limitation
Integrity and
confidentiality

9. Valid consent for personal data collection
Freely given Specific
Informed Unambiguous

10. Privacy – notice should contain
Marketers identity
with contact
details, the purpose
and legal ground
for the processing
Information for the
data subjects rights
Recipients or
categories of the
recipient the data
will be shared with
Disclosure of which
legitimate interest
Consent granted –
the right of the
individual to
withdraw the
consent
The existence of
automated decision
making (profiling)
Period for which
the data is stored
The right to lodge a
complaint with a
supervisory
authority
Intent to further
process data for a
different purpose

11. GDPR and customer rights
Your customers should
have access to the
personal data you have
collected about them
You should obtain
permission to use
personal data and
make sure that
customers understand
what is happening to
their data
Your customer have the
right to object at any
time to processing of
personal data for
marketing purposes
Your customers have
the right to transfer
their personal data
from one platform to
another
Your customers have
the ‘right to be
forgotten’, to be
deleted from your
databases when they
request it
11

12. Want to be kept posted?
info@thecmragency.com
Subscribe to our newsletter
Seminar
AVG/GDPR
Click below
The extensive
opportunities and
threats of the new
European privacy
legislation for your
client contact
strategy.