Online marketers use the internet to directly or indirectly promote products. The marketer may promote his own products or third-party services. The objective of both actions is to generate an income. Such income is derived from the match-making function of the marketer bringing together buyers and sellers. Whether the advertiser and publisher are distinct parties or not is irrelevant for the European General Data Protection Regulation (GDPR). The GDPR governs all organizations that process personal data of EU residents. Violations of the Regulation may lead to fines and sanctions, civil claims or complaints from data subjects, brand damage, loss of confidence and trust, and the possible termination of contracts. The GDPR deserves special attention from online marketers because it can potentially jeopardize their core business activities.
The Foundation and Key Principles of the GDPR
Following the Regulation, data processors and controllers that handle personal information of EU residents must implement appropriate technical and organizational measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. Accordingly, the Regulation governs the processing of personal information and data by organizations. Personal information and data is defined by the Regulation in Article 4 as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
Since online marketers bring buyers and sellers together, the Regulation is applicable when identified or identifiable natural persons in the European Economic Area are targeted. A common misconception among online marketers and many other organizations is that the scope of the Regulation excludes legal persons and organizations. The Regulation does apply to the personal data of identified or identifiable natural persons, regardless of their position when the data is collected, controlled and processed. It follows that the GDPR applies when the purpose of the processing is to identify a natural person.
Most online and offline marketing and advertising efforts identify natural persons. GDPR for online marketers therefore includes most of the strategies used to target potential users or buyers, both online and offline.
Violations: Fines, Sanctions and Civil Claims
A violation of the GDPR or a data breach may lead to severe consequences. The Regulation sets out liability, sanctions, penalties and remedies. It also addresses the possibility for data subjects to file civil claims against controllers for infringements of their rights. Under the GDPR, a data breach may lead to a fine of 20 million Euro, or 4% of the global turnover for the past financial year, whichever is higher.
Fines, sanctions and civil claims for data breaches and regulatory violations can be rigorous. Yet, maximum sanctions only result from substantial breaches and enduring infringements affecting large groups of data subjects. Still, compliance and prevention are always better than legal procedures.
GDPR for Online Marketers
Online marketing is a competitive industry. Many professionals try to beat the system and outrank others for personal gain. In an open and free market economy, consumers benefit from this approach since they can choose the best solution for their needs. Online marketers often need to focus on their core and marketing activities simultaneously. This is already a full-time job. Regulatory compliance is often time-consuming. Therefore, GDPR Software Solutions wants to make the life of the online marketer easier by offering straightforward, efficient and effective GDPR compliance solutions:
- Info Center: with a selection of 66 skillfully drafted documents that will give you all reports, templates, policies and guides you need to get the GDPR compliance job done;
- Mission Control: the 12 step approach guiding you on your path to GDPR compliance;
- Toolbox: a selection of 23 expertly designed and programmed tools to assist you on your implementation journey;
- Data Breach Support: professional assistance is recommended and mostly needed when things go wrong. This breach support service is 24hrs worth of 1-2-1 support after you have identified a data breach. Once you have purchased this package and notified us that there has been a breach, we will kick into action to protect your customers, information and your reputation. We will investigate and reconcile your data breach, inform your customers and develop a strategy with you, to prevent and protect against further breaches. Most importantly, we will deal with the supervisory authority so you don’t have to.
- Data Protection Officer: reliable, neutral and impartial professional DPO service with the expertise as required by Article 37 of the Regulation. Pricing levels depend on the contract terms and size of the organization.