GDPR Enforcement Set To Begin on May 25 - Comply or Pay

The European Union's GDPR (General Data Protection Regulation) will start being enforced on May 25, 2018. So perhaps it's time to admit that denial is no longer a strategy here. To help you sort out what you can - and cannot! - do without landing in legal and financial hot water, Marketo has releasd "The GDPR and the Marketer," a 41-page report it calls a practical guide for marketers.

"If you do business with Europeans that involves the processing of their personal data, this legislation applies to you," says the report. If all this seems boringly eye-glazing, the penalties for noncompliance should grab your attention: "Penalties for non-compliance are significant, with large fines for those in breach of the regulation: the maximum fine for a single breach is €20 million [almost $25 million] or 4% of annual worldwide turnover, whichever is greater," the report notes.

Designed to protect personal data online, the GDPR is built around 6 key principles, which the report describes as:

1. Transparency on how data will be used and what it will be used for.
2. Ensuring that the data collected is used only for the purposes explicitly specified at the time of collection.
3. Limiting the data collection to what is necessary to serve the purpose for which it is collected.
4. Ensuring the data is accurate.
5. Storing the data for only as long as necessary within its intended purpose.
6. Prevention against unauthorized use or accidental loss of the data through the deployment of appropriate security measures.

The report points out two key aspects of the GDPR relevant to marketers: 1) "consent by the individual to process their personal data"; and 2) "accountability, namely being able to demonstrate how they comply with the principles of the GDPR."

The report identifies potential land mines related to how personal data is used and lays out six scenarios on how to comply - in other words, how protect your company from the very expensive penalties described above.

This is a good start in learning what you need to know about GDPR, but it's only a start. You'll need expert advice from your CIO, attorneys, and more - as well as on how to train your marketing team to comply and how to institute the processes to ensure that they do.