This is the second part of my presentation of the GDPR (General Data Protection Regulation), adopted by the EU on 24 May 2018. You can read the first part here.
No matter the size of the companies, small, medium or big, the new provisions shall apply to all the institutions and companies that process personal information of the consumers in the EU. According to a survey conducted by MKOR Consulting, more than one third of the Romanian companies were not familiar with GDPR at the beginning of the year.
On the other hand, however, almost two thirds of the Romanian companies had already updated their internal processes or were in the process of updating with GDPR before the deadline. According to the size of the company, the budgets allocated to the implementation of the new provisions vary from EUR 1,000 to EUR 10,000.
According to the new GDPR provisions, many marketing strategies, such as the use of cookies (codified texts withholding the users’ preferences for a certain website) or pre-checked cases allowing the receipt of promotional materials will have to be adapted to observe the privacy and confidentiality of the consumers. Another major implication is that enterprises will have to use SSL certificates (protocols encrypting the exchange of data via the Internet) to increase consumer security in the online environment when they enter personal information on the company website.
Also, certain aggressive methods of direct marketing, such as the abusive sending of newsletters or text messages without the users’ prior consent, may generate legal problems to the company, besides affecting the brand image.
Therefore, personalized adverts will become less accessible marketing actions given the increase in the budget necessary to their implementation; however, on the other hand, the quality of the personalized messages will considerably increase and will become a premium category for many traders. Increasing data security will also require renewing or changing the data storage infrastructure, which will lead to increasing user costs. The relation between marketing and data security will substantially determine the evolution of the budgets and the traders will have to come up with innovative ideas of promotion and to adapt to the new requirements.
What Needs to Be Done?
Of course, these provisions have crucial implications to Romanian companies, especially startups, which, the same as their EU counterparts, are not fully prepared to get in line with GDPR. Although this new law, which is one of the most important decisions by the European Parliament over the last 20 years, does not stand for a radical change in respect of consumer protection, fact is that its implementation will require many resources, both financial and human.