GDPR – General Data Protection Regulation

Under GDPR terms, personal data refers to anything that can be used to identify an individual, such as name, email address, IP address, social media profiles or social security numbers. By explicitly mandating corporations to gain consent (no automatic opt-in option) from consumers on the gathered personal data, individuals know what information organizations are holding. Further, in the consent system, businesses must clearly outline the purpose for which data is collected and seek additional consent if they want to share it with third parties. In short, GDPR’s aim is to ensure consumers retain the rights over their own data.

GDPR eight (8) basic rights include: the right to access, the right to be forgotten, the right to data portability, the right to be informed, the right to have information corrected, the right to restrict processing, the right to object, the right to be notified.

GDPR puts consumers into the driver’s seat, and the task of complying with this regulation falls upon businesses and organizations. GDPR applies to all companies established in the EU, regardless of whether the data processing takes place in the EU or not. Even non-EU-established organizations are subject to GDPR. If a business offers goods and/or services to citizens in the EU, then it is subject to GDPR.

All companies that work with personal data should appoint a Data Protection Officer (DPO) or Data controller who is in charge of GDPR compliance. There are tough penalties for companies who do not  comply with GDPR, fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater.

Now, many people might think GDPR is just an IT issue, but that is the furthest from the truth. It has broad-sweeping implications, including the way companies handle marketing and sales activities.

The conditions for obtaining consent are stricter under GDPR requirements as an individual must have the right to withdraw consent at any time and there is a presumption that consent will not be valid unless separate consents are obtained for different processing activities. This means a company must be able to prove an individual agreed to a certain action, to receive a newsletter, for instance. It is not allowed to assume or add a disclaimer, while providing an opt-out option is not enough.

GDPR changes a lot of things, such as the way sales teams prospect their targets or even marketing management activities. Companies must review business processes, applications, forms to be compliant with double opt-in rules and email marketing best practices. In order to sign up for communication, prospects will have to fill out a form, or tick a box and confirm it was their actions in a further email. Organizations must prove consent is given in a case where an individual objects to receiving communication. This means any data held must have an audit trail time stamped and reporting information detailing what the contact opted into and how.

If marketing lists are purchased, a company is still responsible for getting the proper consent information, even if a vendor or outsourced partner was responsible for gathering the data. In the B2B world, salespeople meet potential customers at a trade show, exchange business cards, and when back to the office, add the contacts to the company’s mailing list. In 2020 and above, this is no longer possible.

GDPR services market is expected to grow from USD 907.4 million in 2018 to USD 2,659.4 million by 2023, at a Compound Annual Growth Rate (CAGR) of 24.0% during the forecast period. The major drivers include the implementation of GDPR, the generation of enormous data amounts, the need for data security and privacy, and the demand for data processing transparency, leading to improved security service delivery.

Data management solutions are expected to account for a larger market share. Data management encompasses all data-related processes required to manage the entire enterprise data lifecycle. Data management solutions are incredibly important to comply with GDPR, as these solutions help store, access, delete, encrypt, and monitor users’ personal data while complying with GDPR.

Professional services segment is expected to hold a larger market size compared to the managed services segment, owing to the ambiguity around GDPR across organizations. Professional services for GDPR include GDPR readiness assessment, risk assessment and DPIA, DPO-as-a-Service, training, and certification. Professionals use the latest techniques, comprehensive strategies, and skills to fulfill the security requirements of organizations. Moreover, they offer customized implementation, risk assessment, and assistance during the deployment of GDPR solutions using industry-defined best practices.

SMEs segment is expected to record a higher growth rate compared to the large enterprises segment. Implementing GDPR can be overwhelming for SMEs with limited resources or capital, GDPR not being a top objective. However, consequences of not complying with GDPR can lead to fines or withdrawal of business licenses within the EU region. The high cost of implementing GDPR solutions and services may lower profit margins for SMEs, yet, SMEs can benefit from partnering with partners to support and help them comply with the new legislation.

EU region is expected to witness the fastest growth in the GDPR services market. GDPR represents a business opportunity for European organizations to gain an advantage over competitors. The global nature of GDPR is expected to impact the vast majority of large businesses in Europe and further affect international markets. Global companies with any EU citizens as customers need to be aware of and comply with these new legal obligations to avoid fines. The high level of international businesses involving the EU is expected to influence robust data protection procedures around the world.