The aim of the European General Data Protection Regulation (GDPR) is to update the national data protection laws in Europe since the 1995 Directive was established. However, GDPR is stricter and more wide-reaching than the 1995 Directive. Many applaud its goal to provide more transparency, choice and enforcement of personal data; however, some of its requirements are far-reaching and complex and will impact all organizations who deal with EU residents’ personal data. We have outlined some key provisions below for marketers to begin the process of coming into compliance.
This guidance should not be construed as legal advice; it is being provided for informational purposes only. Please consult with your legal counsel for application to your business practices to ensure that your program is meeting appropriate legal requirements.
EU adopts sweeping data privacy legislation called the European Union Data Protection Directive.
The European Commission (EC) formally unveils a proposed General Data Protection Regulation (GDPR), aimed at replacing the 1995 Directive in its entirety.
European negotiators finalize the proposed GDPR language
The European Parliament approves GDPR, concluding the legislative phase of adopting the regulation, and commencing a two-year transition period before the regulation takes effect.
Enforcement of GDPR begins
What types of marketing are covered?
Postal, email and Interest-based advertising (IBA)
If you answer yes to any of the questions below then you are covered under GDPR:
Key Notes:
For additional information on the provisions, enforcement and resources, please log in below.