What is changing about GDPR in 2024?

Key implications for marketers.

Since its implementation in 2018 – the General Data Protection Regulation (GDPR) has been an integral consideration for almost all digital marketing campaigns. Designed to give individuals more control over their personal data, any breaches to GDPR compliance can mean hefty fines for businesses that don’t comply. This blog looks at the changes to GDPR in 2024 that marketers need to be aware of and what adjustments should be made when planning a digital marketing campaign.

GDPR changes in 2024
The 2024 amendments to GDPR introduce more explicit guidelines on the right to data portability which refers to the individual’s ability to obtain and reuse their personal data across different services. That means they have the right to receive personal data in a readable way and to transfer that data to another service. Organisations must ensure that any data collected can be exported in a compliant format with ease, establishing clear procedures and meeting system requirements. The right to be forgotten (right to erasure) allows individuals to request the deletion of their personal data when it is no longer necessary for the purpose it was collected or simply when an individual withdraws their consent.

Data = value
For professional marketers, data has significant value. Lead-generation campaigns for example are judged solely on their ability to provide quality and compliant data for future activities. When collecting data, marketers must meet the stricter consent requirements from the updated guidelines. In practice, this means an individual must explicitly give consent for their data to be stored, not implied through pre-ticked boxes or inactivity that preciously was acceptable. Marketing activities that collect leads, whether it is an internal campaign or for a customer, must provide clear and straightforward options for individuals to withdraw their consent at any time.

Data minimisation
The 2024 GDPR guidelines also highlight data minimisation and storage limitation. This means that only necessary data can be collected and processed, meaning marketers and businesses have to establish and document their data retention policies, showing clearly that personal data is not stored longer than is necessary.

Data security and notification
Not much has changed in 2024 when it comes to data security under GDPR guidelines. It is still the responsibility of companies and their marketers storing the data to implement advanced cybersecurity measures to protect personal data. The biggest change in 2024 is the breach notification window has reduced, requiring individuals to be alerted to a breach within 48 hours instead of the previous 72.

Data processing
Updated guidelines show that there must be a clear distinction between data controllers and processors, showing individuals that wherever their data is used in the supply chain all parties adhere to the GDPR standards.

Meeting the requirements
For marketers or businesses looking to collect an individual’s data, consider the following actions to ensure compliance with the 2024 guidelines:

• Audit consent processes
  Any current systems that collect data for various activities must be reviewed and to ensure that it includes instructions on how consent can be withdrawn.
  Marketers should also review that all the data being collected delivers the desired value, collecting excessive or irrelevant data will only increase the chance of breaching GDPR compliance.
• Ensure cybersecurity
  Marketers and companies should work closely with their IT teams to ensure that all data collected is encrypted, regularly backed up, and most importantly only accessed by authorised employees.
• Communication
  As with any policy changes, it must be clearly shown to individuals how their data is collected, stored, and protected. At a time when data security is more important to individuals than ever, this goes a long way to building trust with potential customers.

GDPR regulations seem to be a constantly moving goal post that requires regular updates to  data collection processes. Breaching GDPR rules can lead to heavy fines for any business, but the reputational damage can be even more costly. Individuals expect a level of transparency when it comes to their data and keeping up to date with the yearly guidelines will ensure that and means that marketers and businesses can focus on their value-adding activities.

Disclaimer
The content provided on this blog is for informational and guidance purposes only and does not constitute legal or professional advice regarding GDPR compliance or data protection practices. While we strive to ensure the accuracy and relevance of the information, it may not reflect the most current legal developments or interpretations. Readers should seek personalised advice from a qualified GDPR legal professional before making any decisions or taking any actions based on the content of this blog. We are not liable for any loss or damage resulting from reliance on the information provided.