Is your business ready for GDPR? Here's a rundown of the new EU privacy laws and how to adapt your digital strategy to ensure compliance and competitiveness.
First and foremost, we are not a law firm. All of what follows is based on best practices,
Just what is GDPR?
The General Data Protection Regulation (GDPR) is a European Privacy Law that will come into effect on May 25th, 2018.
It should sound terrifying. The fines are steep for non-compliance. They could amount to €20 million or 4% of annual global revenue. There is no grace period. Shudder.
There is a bright side to GDPR.
Shift your perception
The bad news is out of the way,
Which leads us to the two pillars of Privacy by Design: Transparency and Accountability. These two concepts must be woven tightly into the fabric of your digital strategy going forward.
Transparency covers consent to data collection, the kind of data we are collecting and how we use and store it.
Accountability means timely notifications of data breaches and the rights of individuals to be forgotten and to rectify data.
There are many more detailed points in the regulations, but for digital
3 Biggest Challenges affecting Digital Marketing Strategy
Let’s answer some of those questions our terrified digital marketer has about GDPR.
Consent will still work the same; under the new regulations, we just can't be sneaky about it (yes, we have been sneaky about it). Tricks like pre-checked boxes, hidden legal text and lack of opt-outs are now off limits. The language and the opt-in must be clear and concise, as well as the consent method. In addition, functionality can no longer be held hostage to data consent unless that functionality is tied directly to the usage of the collected data. For example, if I ask for a birth date and none of the functionality on my
What about old data? Marketers and companies should take an inventory of all current forms and ensure that the way that consent is collected is compliant. The level of compliance will determine if that data collected previously can be legally used or if you must gain consent again. This is not a bad thing. It is another great opportunity to have a touch point with your customers and show them just how much you care about their data rights.
The definition of personal data has been broadened under GDPR. It includes anything that could identify a “natural person” even in combination or after processing. This covers, for instance, a person’s IP address, browser history, demographic data and anything else that, added up, could lead to the identification of a person. More of the data we normally collect as digital marketers now
Users have more rights to their data as well. This includes the right to be forgotten, the right to portability of data and the right to correct wrong data that could be detrimental. Users are also protected from automated decision making based on processed data. Examples
The biggest change in data protection in the new regulations is the notification requirement. All the other standards around encryption, handling