ePrivacy vs GDPR: what’s the difference?

ePrivacy regulation vs GDPR

The introduction of the EU’s General Data Protection Regulation (GDPR) back in 2018 was a bombshell moment. Due to come into force either later this year or early in 2020, the ePrivacy Regulation will open a new can of regulatory worms for businesses of all sizes. 

Here is more information about the law, how it differs from GDPR and what you can do to comply. 

ePrivacy vs GDPR 

The ePrivacy Regulation will replace the ePrivacy Directive, which many of you will be familiar with. But what’s the difference? Well, whereas a directive merely sets a direction of travel for EU member states for legislation, a regulation is much more prescriptive and must be implemented in full in each EU jurisdiction – much like the GDPR is today. 

In fact, the GDPR and the ePrivacy Directive are very close relatives. The latter is the application of the privacy and consent principles of GDPR to the specific case of personal data that’s communicated electronically by businesses. The provisions of GDPR can therefore be seen as sitting above those of the ePrivacy Regulation. 

What the ePrivacy Regulation means for you

Technicalities aside, the burning question for businesses is whether or not you need comply. The short answer is that if you provide any sort of online communications service, engage in electronic direct marketing or use any form of online tracking, such as cookies, then you do. 

Unlike with the old ePrivacy Directive, companies like WhatsApp or Skype that use others’ networks to deliver their services are now obliged to comply. Another novelty is that the new regulation covers not only the content of communications but also the associated metadata – the time a message was sent, for example, or the location it was sent from. Companies can now only use this data if a user has given their explicit consent. Other innovations include simplifying rules around the use of cookies and stronger protections against spam. 

The message to small and medium-sized businesses is therefore clear: the regulatory ride is only just beginning. GDPR has established solid principles around privacy and consent that we can now expect to see applied into specific markets through new laws like the ePrivacy Directive. This means businesses need to have in place a dynamic approach to compliance, once that can respond rapidly to new regulations as they emerge without causing too much disruption to their business.

The role for compliance software

It’s here that choosing the right compliance software can make all the difference. When it comes to data privacy, there are a wide range of data governance solutions on the market that combine features such as big data analytics, storage, and security in a single package. Such software helps businesses keep on top of how they use and analyse data so that they can ensure they comply with all relevant obligations around consent and security.  

Additionally, and as you might well expect with a regulation as high-profile as GDPR, the market has also responded with a number of new GDPR-specific solutions. Some of these products offer solutions to niche areas of GDPR compliance, such as helping businesses easily respond to requests for access to data by the owners of that data, while others provide a more complete approach and seek to address all elements of the law.

Finding the best software for your business

What’s important is that you find the right software for your business. By researching what’s on the market you can get a good idea of the capabilities on offer and select the solutions that plug your existing compliance gaps and which look likely to be flexible enough to adapt to future requirements as they emerge. To help in this task, look through the Capterra directory for data governance software, where you will be able to compare products by user reviews, features, cost and other important factors. 

With the tide of regulations continuing to rise, this search won’t be a one-off job. It’s more important than ever to keep an eye on the regulatory environment and make sure you continue to take appropriate measures – whatever the size of your business.