In May 2018, all multinational marketers will have to comply with the EU’s General Data Protection Regulation (GDPR), which governs consumer data collection, storage and usage practices. But many of them remain unsure about what they need to do.

The legislation, which is designed to give consumers in the EU more control over their personal data, lays out requirements for data collection, storage and use, and will impose potentially devastating fines on companies with poor data-handling practices or that experience data breaches in which they are found at fault. Regulations may be limited to the personal data of consumers residing in the EU, but they apply to any company handling, transmitting or storing that data, whether it has a physical location in the EU or not.

Today, the majority of companies feel unprepared for GDPR and all that it requires. Some are working on what could be called table stakes: reworking privacy policies and implementing consent practices. Just as many have moved on, perhaps to struggle with “privacy by design” principles and properly modify their data collection and purging practices for the road ahead.

In the short term, marketing databases are likely to lose some of their value, as consumers opt out. It’s also likely that third-party data will lose some of its richness, though what remains is also likely to be cleaner and more reliable.

These insights are drawn from eMarketer's latest report, "General Data Protection Regulation (GDPR): What Companies Need to Know Now." The report explores GDPR and outlines the major changes to consumer data collection, storage and usage practices that will affect multinational companies engaging with EU consumers. eMarketer PRO subscribers can access the full report here. Nonsubscribers can learn more here.