This post is by Anton Buchner, a senior consultant with TrinityP3. Anton is one of Australia’s leaders in data-driven marketing. Helping navigate through the bells, whistles and hype to identify genuine marketing value when it comes to technology, digital activity, and the resulting data footprint.
Important changes to data privacy for EU marketers
From 25 May 2018, Australian businesses of any size will have to comply with the European Union’s (EU) General Data Protection Regulation (GDPR) requirements if they:
- have a business entity in the EU
- offer goods and services in the EU
- monitor the behaviours of individuals in the EU
What is the GDPR?
It’s a regulation designed to standardise data privacy laws across Europe and to protect and empower all EU citizens’ privacy.
It’s similar to the Australian Privacy Act, and is helping reshape the way organisations across the EU approach data privacy.
The GDPR applies to ‘personal data’, which means ‘any information relating to an identified or identifiable natural person’ (refer Article 4) – including a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
It also introduces a new concept of “pseudonymous data” – in simple terms, personal data that has been subjected to technological measures (like hashing or encryption) such that it no longer directly identifies an individual without the use of additional information.
And it goes further than the Australian Privacy Act in offering additional protections to the processing of ‘special categories’ of personal data, which includes:
- personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership
- the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person such as fingerprints, facial recognition, retinal scans etc
- data concerning health
- data concerning a natural person’s sex life or sexual orientation
So if you’re advertising, managing social media platforms, or conducting analytics that track or monitor activity and individuals from the EU, then you’ll need to update your policies, procedures and systems accordingly.
You’ll need to revisit what data you are collecting and understand whether it is caught by the personal data requirements of the GDPR.
And you’ll also need to evaluate your information handling practices and governance structures and seek legal advice where necessary. Continue reading “The importance of unsubscribe management”