MarTech Today


What the GDPR means for your business

With the General Data Protection Regulation (GDPR) clock winding down, companies are scrambling to decipher what it means for their business and how to become compliant. Columnist Josh Manion explains.

Josh Manion on April 12, 2017 at 3:59 pm

By now, most companies that do any business in the EU are aware of the General Data Protection Regulation (GDPR), which was approved by the EU Parliament on April 14, 2016, and goes into effect on May 25, 2018.

The GDPR replaces the Data Protection Directive 95/46/EC. Organizations found in non-compliance will face heavy fines: €20 million or 4 percent of global revenue per infraction. This could mean millions, or even billions of dollars in fines for large companies.

The new regulation requires companies to implement entirely new processes and procedures around the collection and storage of personally identifiable information (PII) and goes on to define PII as any information that relates to an EU resident’s private, professional or public life (IP address, banking information, email addresses, social media posts and so on). Much of the new regulation goes into making sure that this PII is stored with a person’s permission, used for the specified purpose for which it was obtained and for a duration that makes sense, given the initial reason for obtaining the data.

Unlike with previous privacy regulations, everyone fully expects the GDPR to be enforced on day one with no grace period. Beyond that, the GDPR also allows for the creation of Supervisory Authority (SA) agencies, which will hear and investigate complaints and will also have the authority to sanction administrative offenses. You can read the full text here, but I have broken it down into its four main components:

1. Data collection

The regulation will apply to all data, whether it was collected online or offline. You must provide notification about the data you intend to collect and how it will be used, and you must gain consent BEFORE any data is collected. This is a big challenge for your digital properties. There are very few solutions available that can block data collection on the first page visit, without requiring you to recode your website.

Consent must also be clear and concise, and it must be provided in an easily accessible form that EU residents can revoke at a later point in time. Worth noting is that the GDPR explicitly highlights that inaction cannot be considered consent. To maintain compliance, you’ll need to ensure customers have given consent before passing information about them to a service that places any identifying cookies on their machines.

2. Data storage

Data storage solutions must be designed to protect data and maintain data privacy (privacy by design). Security measures must be put in place to protect data, including unambiguous rules pertaining to access and appropriate authentication to access sensitive data. Authorizations must be kept up to date to ensure proper access rights, and all data must be audited. To meet these requirements, you will need infrastructure that:

  • recognizes sensitive data by routinely inspecting content.
  • automates data access processes, including those to grant, review and revoke access.
  • evaluates and monitors access to data.

Organizations must have the ability to easily delete personal data, complying with the right to be forgotten, and build solutions to manage the data subject’s right to access their data and take their data with them (data portability).

3. Data transfer

The GDPR imposes restrictions on the transfer of personal data outside the European Union, to other countries or international organizations. You may transfer personal data where the organization receiving the personal data has provided sufficient safeguards. Individuals’ rights must be enforceable, and legal remedies must be available following the transfer. Personal data may only be transferred outside of the EU in compliance with the stipulations specified in Chapter V of the GDPR.

4. Internal and external oversight

Companies with more than 250 employees will need to appoint a dedicated Data Protection Officer (DPO) whose roles and responsibilities must not cause a conflict of interest related to the protection of end users’ information.

In addition, companies must be able to prove compliance when audited by a Supervisory Authority, which includes the ability to prove that consent was received for collected information. As I mentioned earlier, you’ll need a solution that can provide an event-level audit log to prove compliance.

The clock is ticking

Companies will spend millions of dollars bringing their entire enterprise into GDPR compliance, and I suggest compartmentalizing compliance areas to make the task more manageable. Some of the most visible data collection points are our public websites, making these one of the easiest areas for a consumer (data subject) or Supervisory Authority to prove non-compliance.

Luckily, it can be simple to bring your website into compliance by using a solution that adds consent controls to hundreds of marketing tags through a single line of code, skipping the need to recode your tags/pages. Make sure that you select one that makes you compliant on the first page visit by blocking unauthorized data collection, allows you to configure rules about how and where PII data is sent, and allows you to easily adjust data collection rules by region or type of data. It also should not require you to recode every page on your site or set up separate sites for those who opt in vs. opt out. (Disclosure: I’m the CEO of a company that provides a GDPR website compliance solution.)

If you haven’t already, I’d strongly suggest beginning to plan for the GDPR today and giving your company adequate time to review and begin implementing all the process and organizational changes required before the clock runs out next May.


Opinions expressed in this article are those of the guest author and not necessarily MarTech Today. Staff authors are listed here.



About The Author

Josh Manion
Josh Manion currently is the CEO of Vault JS, a company focused on securing 3rd party technologies for the enterprise. Prior to Vault JS, Josh was the Founder and CEO of Ensighten, a tag management technology. Prior to Ensighten, he served for seven years as the CEO of Stratigent, a web analytics and marketing optimization consultancy. Josh has played chess professionally and is currently ranked among the top 60 players in the United States. He holds a degree in Management Science with a focus on Information Technology from the Massachusetts Institute of Technology (MIT).
