The General Data Protection Regulation is above all – commentary on the European Data Protection Day

On the initia­ti­ve of the Coun­cil of Euro­pe, the Euro­pean Data Pro­tec­tion Day will be orga­ni­zed for the tenth time on 27 Janu­ary 2017. The aim of the Data Pro­tec­tion Day is to increa­se the awa­re­ness of data pro­tec­tion among EU con­su­mers as well as com­pa­nies. For com­pa­nies the­re is one key issue this year: the new EU Data Pro­tec­tion Regu­la­ti­on, which came into force offi­ci­al­ly in May 2016. The dead­line for the imple­men­ta­ti­on of the regu­la­ti­on is May 28, 2018. This may be a long-term per­spec­tive at a glance, but the ear­lier com­pa­nies are con­cer­ned with the effects of the regu­la­ti­on on their busi­ness, the bet­ter they can pre­pa­re them­sel­ves and use the regu­la­ti­on as an oppor­tu­ni­ty. Accord­ing to a recent Bit­kom stu­dy, howe­ver, a total of 44 per­cent of com­pa­nies do not yet have the EU Data Pro­tec­tion Princi­ples on the screen.

Mar­ke­ting can’t be ima­gi­ned without the use of (per­so­nal) data any­mo­re. Data is always the basis for ali­gning mar­ke­ting and ser­vice com­mu­ni­ca­ti­on. From per­so­nal data, which the custo­mer lea­ves behind at all touch­points, the insights about the custo­mers are gai­ned, which are necessa­ry to adapt com­mu­ni­ca­ti­on indi­vi­dual­ly to the customer’s needs. The­se are, for examp­le, tran­sac­tion data from online shops, respon­se data from cam­pai­gns or from other digi­tal con­tact points of the custo­mer jour­ney (such as the web­site / boo­king plat­form) as well as loca­ti­on data from loca­ti­on-based ser­vices. By assi­gning the­se data to a dedi­ca­ted user pro­fi­le (pro­filing), mar­ke­ting-rele­vant insights to the indi­vi­du­al user are gai­ned by means of various ana­ly­sis instru­ments, from sco­ring models to com­plex data mining methods.

General Data Protection Regulation regulates European privacy in a new way

The more the use of data in mar­ke­ting and, in addi­ti­on, in digi­tal busi­ness models of all kinds beco­mes more rele­vant, the more important is the data pro­tec­tion topic for com­pa­nies and thus the know­ledge and imple­men­ta­ti­on of the legal frame­work for data pro­tec­tion-com­pli­ant use of (per­so­nal) data. For the first time, the EU Gene­ral Data Pro­tec­tion Regu­la­ti­on has crea­ted a set of rules that regu­la­te the collec­tion and pro­ces­sing of data across the EU and ter­mi­na­te the coexis­tence of dif­fe­rent natio­nal regu­la­ti­ons with it. The impact of the Gene­ral Data Pro­tec­tion Regu­la­ti­on on com­pa­nies depends on the respec­tive busi­ness model. Ger­man com­pa­nies have a lead in the imple­men­ta­ti­on of the Gene­ral Data Pro­tec­tion Regu­la­ti­on, as the Gene­ral Data Pro­tec­tion Regu­la­ti­on is ori­en­ted to the cur­rent Ger­man legal situa­ti­on in many aspects and many com­pa­nies have alre­ady imple­men­ted the essen­ti­al requi­re­ments. Howe­ver, Ger­man com­pa­nies should not rely on this. Even if the dead­line for the imple­men­ta­ti­on of the regu­la­ti­on is not until 28 May 2018, it is an advan­ta­ge for com­pa­nies to exami­ne at an ear­ly sta­ge whe­ther they are affec­ted by the Gene­ral Data Pro­tec­tion Regu­la­ti­on and whe­ther they have to make adjust­ments to their pre­vious pro­ces­ses to stay legal­ly secu­re for the future. The fact that many com­pa­nies have not done so yet is shown by a recent Bit­kom stu­dy. Accord­ing to the stu­dy, 44 per­cent of com­pa­nies do not even have the gene­ral data pro­tec­tion regu­la­ti­on on screen.

Ger­man com­pa­nies do not need to under­stand the EU Gene­ral Data Pro­tec­tion Regu­la­ti­on as a hurd­le in the use of data, but on the con­tra­ry as a lead. As alre­ady men­tio­ned, Ger­man com­pa­nies have often alre­ady imple­men­ted gui­de­li­nes that may still be a chal­len­ge for other com­pa­nies. This com­pe­ti­ti­ve advan­ta­ge par­ti­cu­lar­ly app­lies to US com­pa­nies, which must also com­ply with the Gene­ral Data Pro­tec­tion Regu­la­ti­on when they offer their ser­vices wit­hin the EU. To take advan­ta­ge of this lead, the topic of data pro­tec­tion should be empha­si­zed in com­mu­ni­ca­ti­on. For con­su­mers as well as busi­ness custo­mers, high data pro­tec­tion stan­dards are an important fac­tor for trust in a pro­vi­der and also a con­cre­te purcha­se / usa­ge argu­ment.