Throughout this century, there have been few cases in which huge and relevant companies have been involved in international scandals that have had to do with hacking and stealing personal data from their customers. In the most recent incident, Facebook didn't suffer a hacking or theft of information per se, but one of its partners, the Cambridge Analytica intelligence company, used users personal data (from the Mark Zuckerberg company) to influence in the 2016 United States elections and the departure of Great Britain from the European Union.
Whether by cyber theft or carelessness, what is certain is that the digital era is facing a dilemma that nobody had anticipated: the treatment and value of personal data that every day and at all times millions of people give, sometimes unconsciously, to hundreds of companies, some of which do not pay enough attention to protect them and make good use of them.
That is why GDPR emerged in Europe. In this article, we will explain what it is and how it will influence your next digital marketing campaigns.
What is GDPR and what are its implications?
It is a fact that much of the reason for these scandals has also to do with the legal gaps and the lack of understanding that the authorities and judges have on the subject (for that reason it is that Zuckerberg wasn't called to testify in a court, but the US Congress, because before acting, its members wanted to understand what was going on).
The European Union "act properly" and in April 2016 adopted the General Data Protection Regulation (GDPR), entering into force on May 25, 2018. This regulation puts personal data at the highest level of legal compliance and protection and applies to all companies that work with personal data of European residents, even when these companies don't have their headquarters in Europe.
GDPR takes the individual as the data protection axis, that is why it gives the right to know and decide how your personal data is used, stored, transferred, protected and eliminated. But it goes further because now people can request detailed reports on such use and even they can request to delete all their data.
Likewise, GDPR grants the right of portability to the user. This means that the data must be in a structured format, commonly used and mechanically read (an excel, for example), so that people can easily export them and transfer them to another responsible party.
For brands, this implies that they must change certain processes in such a way that they transparently collect, use and protect personal data, which will undoubtedly influence the way digital marketing will be performed in the short term.
"My brand is Mexican and my company is based in Mexico, how does this affect me?"
According to PwC's Global State of Information Security Survey 2017, in Mexico, it is estimated that 87% of companies have had an incident of information protection. Likewise, in 2014 the expenses due to cyber crimes were 3 billion dollars.
If your brand is marketed in European territories or has its headquarters in that continent, and collects personal data, you must comply fully with GDPR, as well as take measures to securely protect and store the data of your customers.
Another reason why GDPR is relevant is that it expose the concept of the data controller, which must take responsibility and create and implement measures so no one violates their security and can be safeguarded correctly.
What happens with the General Data Protection Regulation Federal Law in Possession of Individuals?
Since July 2010 the General Data Protection Regulation Federal Law in Possession of Individuals is in force in Mexico, which has some differences and coincidences with GDPR, such as: