GDPR – What Is It? And What Can Your Company Do About It?

The deadline for compliance with the new Global Data Protection Regulation (GDPR) is fast approaching, and with it comes a whole host of challenges for modern marketers. Now that the time is practically here, you might expect that those of us in the industry are well-equipped to handle the impending changes… right?


In fact, 41% of marketers admit to not fully understanding both the law and best practice around the use of consumers’ personal data. Social media provides countless opportunities for GDPR-compliant customer engagement, but without knowing where the legality lines are drawn and what challenges those lines present, marketers cannot lead businesses to that engagement in a safe and effective way.

That’s why we’ve put together this quick and easy guide to help you prepare for the new regulations.

So, what exactly is GDPR?

GDPR is a new data privacy law that’s set to take effect in the European Union on May 25th, 2018. The regulations are designed to give users more control over the way their data is collected, used, and stored, making customer privacy a fundamental part of doing business in the EU.

What do the regulations entail?

  1. In order to obtain user data, companies must ask for consent in a simple, comprehensible way, and must receive affirmative confirmation (i.e. consent cannot be given by inaction).
  2. Companies should only collect and process the specific information they require.
  3. Users have the right to access the data that’s being kept on them and to know how it’s being used.
  4. Users have the right to correct or complete otherwise incorrect or incomplete data by providing a supplementary statement.
  5. Users have the right to request that their data be transferred to another controller where “technically feasible.”
  6. If a person decides that they no longer wish for companies to have their data, they have the right to be forgotten at any time.
  7. Companies must take a “privacy by design” approach to data collection and storage. For those who engage in “regular and systematic monitoring of data subjects on a large scale,” this means designating a Data Protection Officer.
  8. Should a data breach occur, companies have just 72 hours to notify those whose data was affected.

Now what?

I know it seems like a lot of information, and I’d be lying if I said the new laws weren’t incredibly comprehensive. But when brands stop thinking about GDPR as a hindrance and start thinking about it as an opportunity to reimagine the customer relationship and reestablish brand trust, compliance will follow. The good news is that social media is brimming with opportunities for brands to tap into their audience in a compliant way.

Want to test your regulation knowledge? Take this quiz to find out if you’re a compliance clod or GDPR genius.

Want to learn how social can help your company thrive in the wake of the new laws? Check out our GDPR Survival Guide. And connect with us to learn more about how this law will affect marketers.