
What CMOs Need to Know About the Looming General Data Protection Regulation (GDPR)

by David Gee | March 13, 2018

The countdown is on: Only two months are left for companies to ensure they are in compliance with the European Union's General Data Protection Regulation (GDPR), set to be implemented on May 25. The regulation will apply to all businesses that hold and process personal data collected in the European Union, regardless of those businesses' industry or location.

A bit of history: before GDPR, the EU relied on the 1995 Data Privacy Directive, which proved difficult to enforce, and compliance levels varied across the EU. Although countries like Germany and the Netherlands employed rigorous controls, some countries had virtually no controls whatsoever. The GDPR is designed to tackle that issue and ensure all countries deploy comprehensive controls to keep EU residents' and visitors' data safe.

The new GDPR rules are in the form of a regulation—imposing data protection standards that should, in theory, be the same in all 28 EU member states.

GDPR is serious business, and US companies and CMOs need to understand the huge impact it will have on cybersecurity and business operations as a whole.

What is GDPR?

There is a lot of misinformation out there about GDPR, so let's start by defining it. The GDPR is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. The deadline for full compliance is May 25, 2018. Those that do not comply risk being fined up to 4% of their annual revenues, up to €20 million.

Does GDPR apply to data already in use by an organization?

A common misperception is that GDPR applies only to data collected after May 25, 2018. That is false. Existing customer data may become largely obsolete once GDPR comes into force, because individuals must give an explicit opt-in—they must expressly agree to allow an organization to contact them—before they can be marketed to.



David Gee is chief marketing officer at Imperva Inc., a provider of cyber-security solutions that protect business-critical data and applications.

LinkedIn: David Gee

Twitter: @davidgee



  • by Robert Howells Mon Mar 19, 2018 via mobile

    Just one point of clarification. Unambiguous consent is just one of six grounds that can justify data handling and processing. Others include legitimate business interest and execution of a contract. Both of these may apply to customer data. Digital communication is covered by the ePrivacy regulation (PERC), not GDPR, and a new version of that is still under review.
