The General Data Protection Regulation (GDPR)

What is the GDPR? 

The EU General Data Protection Regulation (GDPR) is designed to harmonize data privacy laws across Europe. Applying to all personal and sensitive personal data, the regulation will significantly change how an organisation collects, stores and manages consumer data.


The GDPR is due to be implemented across the EU and will apply in the UK from 25 May 2018.

What about Brexit?  

Despite the many uncertainties surrounding Brexit, one thing is for sure, the GDPR will still be implemented in the UK in May 2018 and all organisations should continue their preparations to comply with the regulation.

What do advertisers need to know?

  • Impact: While the GDPR will have a significant impact on digital advertising, it is not the only marketing function that the Regulation will affect. All marketing that uses consumer data now comes under its scope. 
  • Scope: All data will now fall within the scope of the new law and will be called ‘personal data’. For digital advertising all data processed is expected to fall within the Regulation.
  • Processing Personal Data: The Regulation allows for several ways to process / collect personal data – one option is with “unambiguous” consent of the user, or when it is in the “legitimate interests” of the organisation processing the personal data - preventing fraud and direct marketing are considered legitimate interests.
  • Profiling: People will have the right not to be subjected to profiling or the “automatic processing of personal data’” where it may cause “legal effects” or similar effects (ie refusal of a credit application). 
  • Fines: Regulators will be able to fine organisations up to 4% of annual global turnover in the event of a breach. 

GDPR Guidance

 There are a number of excellent guidance notes on the GDPR already available for ISBA members to access, including:


Guidance on the use of Legitimate Interests under the EU General Data Protection Regulation

Produced by the Data Protection Network (DPN), with contributions from ISBA and the DMA, this guide outlines how and when marketers can engage with audiences using Legitimate Interest as a basis under the GDPR. The guidance provides practical advice on assessing whether the processing of personal data might be considered “necessary” and whether it meets the crucial Balance of Interests Condition. Request your copy of the guidance now for a full overview.




5 things every brand owner should know about the GDPR

This guide from the World Federation of Advertisers (WFA) highlights some of the key elements of the GDPR that are likely to have an impact on brand owners, providing suggestions for how marketers should think about their approach to privacy in the context of the regulation. Covering issues such as consent, transparency and children's data, the guide is available to ISBA members on request. Contact us now to get your copy.


Further guidance on the GDPR is expected from before the end of the year. We will update you on any further developments.  



Do your contracts include clauses relevant to new data requirements under the GDPR?

ISBAs Creative Services Contract 

ISBA will be re-launching our Creative Services Contract later this year. The updated versions will be amended to include three new GDPR contractual advisory pieces and will ensure all relevant services are fully compliant with the impending regulation.

For more information on this or any aspect of your contracts, please contact Debbie Morrison

Insights on demand



What does consent look like under the GDPR?

One of the key changes under the GDPR is around the requirements for obtaining consent. This session covers the critical elements of the new rules surrounding consent.

Watch the full video here.




The new ePrivacy Regulation

Simon Morrissey, Partner and Head of Data and Privacy at Lewis Silkin LLP looks at the practical impacts of the proposed ePrivacy Regulation which European Regulators are hoping to bring into force in May 2018 to coincide with the General Data Protection Regulation (GDPR). As the first major overhaul of the legislation since 2009, the new regulation will have a significant impact on how brands market and advertise through web, mobile and telephone channels.

Watch the full update here.