Like it or not, EU General Data Protection Regulation (GDPR) is coming and companies aren"t entirely sure the best method for avoiding the heavy fines that the regulation imposes for noncompliance. At the core, GDPR requires that people in the EU have the "right to be forgotten" from any system their personally identifiable information (PII) is housed in. In addition, the regulation forces companies to require consent from the individual before storing, processing, and using the PII.
At least one company is looking to remove as much risk as possible. According to Wired, Wetherspoon has simply deleted all of the email addresses from their marketing database. Instead, the company plans on marketing via social media channels, including its Facebook and Twitter accounts, as well as its corporate website. Wetherspoon is doing this to help prevent heavy fines that range from either 2%-4% of gross revenue or 10,000,000 EUR to 20,000,000 EUR, depending on which penalty is higher. Enforcement will go into effect in May of 2018.
If you"re not familiar with the details of GDPR, our very own Florin Bodnarescu laid out what the regulation is, the penalties, and what it means for you. It"s definitely worth reading through to get a good understanding of the law.
Source: Wired