Some general information by The CMR Agency on GDPR - General European Protection Regulation - from a marketing perspective - meant for non-legal persons
3. "GDPR as the biggest legal change of the
digital age" Mark Lomas- Cap Gemini
"This is perhaps one of the most
significant milestones achieved in data
protection in our lifetime and the
democratisation of the world’s biggest
single digital market is now complete".
Jan Philipp Albrecht MEP
4. € 20 million
4% of annual
world wide
turnover
Fines– up to … the higher of
5. GDPR - reality
GDPR is for all
companies, big and
small
For B2C and B2B,
staff and suppliers
Online and offline
data
You have to do much
more than only
reviewing current
privacy policies
Consent to use
personal data
requires positive
action by the
individual
The requirements
for obtaining
consent for the use
of cookies have
become more
extensive.
Applies to personal
data processed
manually and
automatically
Applies to all
companies active
with personal data
in Europe
The size of your
company is not
relevant for the
requirement of a
Data Protection
officer
6. As from 25 May 2016, organisations will have 2 years
to implement the new law before it will be enforced by
national data/privacy institutions
However, European citizens can already rely upon the
law in civil procedures since it is already effective now
GDPR –now?
7. Any information relating to an identified or identifiable
natural person “data subject”; an identifiable person is
one who can be identified, directly or indirectly in
particular by reference to an identifier… or to one or
more factors to the physical, genetic, mental,
economic, cultural or social identity of that person
Such as: online identifiers, location data, identification
number (device identifiers, cookie ID’s IP addresses
RFI-tags)
Personal Data
8. Principles of Personal Data
Lawfulness,
fairness and
transparency
Purpose
limitation
Data
minimisation
Accuracy
Storage
limitation
Integrity and
confidentiality
9. Valid consent for personal data collection
Freely given Specific
Informed Unambiguous
10. Privacy – notice should contain
Marketers identity
with contact
details, the purpose
and legal ground
for the processing
Information for the
data subjects rights
Recipients or
categories of the
recipient the data
will be shared with
Disclosure of which
legitimate interest
Consent granted –
the right of the
individual to
withdraw the
consent
The existence of
automated decision
making (profiling)
Period for which
the data is stored
The right to lodge a
complaint with a
supervisory
authority
Intent to further
process data for a
different purpose
11. GDPR and customer rights
Your customers should
have access to the
personal data you have
collected about them
You should obtain
permission to use
personal data and
make sure that
customers understand
what is happening to
their data
Your customer have the
right to object at any
time to processing of
personal data for
marketing purposes
Your customers have
the right to transfer
their personal data
from one platform to
another
Your customers have
the ‘right to be
forgotten’, to be
deleted from your
databases when they
request it
11
12. Want to be kept posted?
info@thecmragency.com
Subscribe to our newsletter
Seminar
AVG/GDPR
Click below
The extensive
opportunities and
threats of the new
European privacy
legislation for your
client contact
strategy.