Last month, we hosted a roundtable discussion on the European Union’s General Data Protection Regulation (GDPR) at the Business Information & Media Summit (BIMS). This new regulation requires publishers to get affirmative consent before they collect any data from an individual.

It also says a publisher must keep a record of the agreement, and the individual can revoke their approval at any time. A person also has the right to access, correct or completely erase any data collected about himself or herself. In addition to personally identifiable information (PII), this extends to non-personally identifiable information, like anonymous cookies, IP or digital fingerprinting.

The EU GDPR goes into effect on May 25, 2018, just five months away, so we compiled a list of the five things you should know about the EU GDPR.

  1. This regulation empowers the individual. They decide if a business can store their information and how they can be contacted. In fact, the GDPR only allows businesses to capture information that an individual has agreed to have collected. It also states that organizations can only communicate with a person in the way in which he or she has specified.
  2. It may be called the EU GDPR, but the U.K is also included. Despite the Brexit, the United Kingdom will also be enforcing this regulation.
  3. This is important, because privacy is viewed differently in the UK. Our attorney has said that in the U.K. it is considered a human right. That means, if companies fail to comply, they will be judged as if they are violating a basic, fundamental, human right.
  4. The degree to which companies are planning to adhere to the GDPR varies. In our discussion, there were publishers who planned to implement the policy across their database, meaning even those subscribers outside the EU would be GDPR compliant. Others planned to create a required, website opt-in form that would be displayed based on the location of the subscriber, so those in the EU were covered. Some participants in our roundtable said they won’t be making any changes to adhere to it.
  5. Start planning now. Making changes to processes and technology can take time. Determine how your company will handle it and begin putting plans into motion. It’s not too early to start.

Want to learn more about the EU GDPR? Check out this great article from Publishing Executive. In it, the author discusses how to start implementing changes.