A directive sets a goal to achieve, but lets individual countries decide how to reach that goal. A regulation is a legally binding legislative act across all member countries.
In their 2016 US Consumer privacy research, TRUSTe/NCSA found that 92 percent of US Internet users worry about their privacy online, 44 percent have withheld personal information for fear of inappropriate use, and 89 percent avoid doing business with companies that do not take steps to protect their privacy (1).
In response, regulators and legislators around the globe are moving quickly to enhance privacy protections and address widespread consumer concerns about data and identity theft, unwanted communications and behavior tracking.
In a general context, ePrivacy includes the need for affirmative consent for all electronic communication (such as emails and texts) and the rights of data and privacy protection. It affects cookie consent (use of certain cookies must now be explicitly approved by the site visitor), and it affects confidentiality of any identifying information about the consumer.
With the implementation of the GDPR in May 2018, the anticipated passage of the new ePrivacy Regulation is meant to complement the GDPR to achieve uniformity across the EU in regard to consumer privacy. The regulation is an escalation from the former ePrivacy directive, with the intent of standardizing and enforcing the definition of "ePrivacy."
Previous directives were loosely enforced with inconsistent consequences for violations. Each member country was able to decide how best to reach the goals stated by the directive. Once finalized, the ePrivacy Regulation will provide a common definition with clearly stated consequences. The potential fines for violation are the same as non-compliance with GDPR: up to 20 million Euros or 4% of total global revenue.
Very likely, yes. If you are currently communicating with EU natural persons (either as a data controller or data processor), your company will be held to the standards set by the pending ePrivacy Regulation and the GDPR. For every EU natural person that provides their contact information, you will need to also capture their express consent prior to sending them marketing communications. Read more.