Marketing activities in Europe have declined by 10 per cent since the European Unions 2018 General Data Protection Regulation (GDPR) was introduced and the new ePrivacy Regulation that the EU is set to bring will deepen the impact of the GDPR on most companies, according to McKinsey and Company.
Companies need to address the new regulation with urgency while maintaining a strong focus on their business, the global management consulting firm said in a report.
The new regulation is expected to replace the 2002 Privacy and Electronic Communications Directive (known as the ePrivacy Directive) by late 2019 or early 2020.
Its focus is on privacy protection for data when they are transmitted electronically, and its status as a regulation (rather than a directive) means that it can be uniformly enforced across EU member states.
In broad terms, the regulation specifies how the general data-protection framework outlined in the GDPR will be applied to electronic-communication services provided over telecom networks and the Internet.
The regulation will impact most companies as it will apply to direct marketing sent over electronic communication networks.
Companies that provide electronic communication services, as well as the providers of the software and directories that support these services, will also come under the ambit of the new regulation.
Most market analysts believe the regulation will be enacted, and any company using electronic communications will have to monitor developments and prepare to meet the requirements, McKinsey said.
Penalties for infringement will be steep, with a top fine of four per cent of worldwide revenues or euro 20 million, whichever is greater.
The new provisions will cover electronic-communication networks; data stored in or sent from end-user equipment such as phones, tablets, and computers (including cookies, device IDs, and other identification software); and methods employed to approach customers over electronic-communication networks for direct-marketing purposes.
For example, the use of cookies will require consent except when the cookies are necessary for transmitting data, providing a requested service, or measuring a web audience.
"The e-privacy regulation about to come into force in Europe is part of a broader trend that is spreading to Latin America, Asia, and the United States," McKinsey concluded.
"By assessing the possible impact of the regulation, developing a clear and comprehensive road map for addressing it, and managing business implications carefully, companies can turn the regulation from a burden to an opportunity," said the report.
ALSO READ| Data Protection Bill likely to be placed in Parliament in Winter session: Official
ALSO READ| Average data breach cost hits Rs 12.8 crore in India: IBM