GDPR Did You Know: Spam Gets Fried by New Regulations

You may be seeing less spam in your future. Not the pork shoulder and ham mix popularized during World War II – I’ll leave that dietary decision to you. I mean unsolicited emails, especially from companies you’ve never heard of.

Spam is about to go back in the can, at least spam that originates from legitimate marketers, because of changes in regulations that are giving consumers greater control over their privacy.

One big step in anti-spam comes with the European Union’s new General Data Protection Regulation (GDPR), which takes effect in May 2018. GDPR is likely to become the global standard for privacy because it will apply not only  to companies located in the EU but to all companies worldwide doing business with EU customers.

Two terms in GDPR will likely become much more familiar with time:

  • Privacy by Default, which means companies can only retain and use information that is immediately pertinent to providing the product or service. For example, an ecommerce site might need your home address for shipping, but it would have no need to reveal it to others. I see this becoming important in social media, especially as it relates to age and location.
  • Privacy by Design is the more enduring point here.  It makes data protection a crucial part of technology development from the beginning. Under GDPR, each new service or business process that uses personal data must be able to show how the data is protected.

The easiest and most efficient route to compliance for many companies will be using a third-party service. Others will do it internally by relying on IT staff or a privacy program officer. If so, I’d suggest building a strong framework that draws on best practices for privacy, by design and by default, and communicates that viewpoint throughout the organization.

Like other elements of GDPR compliance, the penalties for violation can be stiff – up to 20 million euros or four percent of gross annual revenue, whichever is greater – but it is widely believed that a solid attempt at compliance will go a long way toward mitigating penalties.

Plus, nobody really wants spam, unless it is a Monty Python punch line.

By Jason Rose

Meet us at

IDENTIFIED. The Customer Identity Conference
London, UK

June 6, 2017
View Event >