MarTech Today

Martech: Analytics & Data

Preparing for GDPR: How to signal your intent to comply

Self-certification with Privacy Shield is just one way that companies can show that they intend to comply with the sweeping legislation.

Robin Kurzer on January 19, 2018 at 10:27 am

As the May 2018 deadline for the General Data Protection Regulation (GDPR) inches into view, many US companies — multinationals, in particular — are taking steps to make sure that they are in compliance with the legislation’s requirements and limitations.

But how do customers, partners and investors know which companies to trust?

There are several different ways a company can signal that data privacy is an important priority and show that they intend to comply with the law.

In fact, Article 42 of the GDPR (General Data Protection Regulation) calls explicitly for “the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors.”

Of course, GDPR is an EU (European Union) law, but its implications are far-reaching. Since it covers EU citizens’ data no matter where it travels and the transfer of this data to other jurisdictions, global US companies must also comply.

Privacy Shield

Simply put, Privacy Shield is an agreement that governs the transatlantic transfer of data between the EU and the US. It was adopted in 2016 as a replacement for the less restrictive Safe Harbour agreement. By self-certifying, US companies are essentially making a promise that they will follow EU data privacy laws while receiving EU data.

Jessica B. Lee, a lawyer in the advanced media and technology practice at Loeb & Loeb, said that companies that certify with Privacy Shield are showing that they are using best data practices.

“As the GDPR enforcement deadline approaches, we are seeing an uptick in interest in Privacy Shield certification,” Lee said. “For companies with clients who are based in the EU or have consumer data from individuals in the EU, the Privacy Shield serves the functional purpose of allowing for cross-border data transfers, but it also serves as a marketing tool. Companies subject to the GDPR are examining their vendors to ensure that their privacy practices are in line with the GDPR’s requirements. Having a valid Privacy Shield certification can help a company sell itself as a trusted vendor. Privacy Shield certification is not a minor undertaking. The incentive to self-certify won’t come from the ease of self-certification, but rather the ability to receive data from the EU and the marketing value.”

The US Department of Commerce runs Privacy Shield, and it’s enforced by the Federal Trade Commission.

Binding Corporate Rules (BCRs) and codes of conduct

BCRs are global policies and procedures a company prepares that apply to the handling of data both internally and externally. They were created by the EU as an alternative to Safe Harbour.

Eduardo Ustaran is a partner in the global Privacy and Cybersecurity practice at Hogan Lovells. He told me that like Privacy Shield, BCRs are essentially a framework of rules.

“It’s another mechanism to allow those transfers of data to be lawful,” Ustaran said.

This process can be onerous because controllers will need to go through a detailed approval process, but BCRs are seen as the gold standard of compliance, Ustaran said.

A code of conduct is another legal tool governing the transfer of data.

Article 40 of the GDPR calls for codes of conduct, essentially a set of best practices that act as a framework.

An example of this is the European Cloud Infrastructure Service Providers in Europe (CISPE) Code of Conduct. CISPE offers “trust marks” or badges that show membership. Amazon Web Services is a member.

Accounting audits

What do accountants have to do with GDPR compliance? The American Institute of CPAs (AICPA) has created the Service Organizational Controls (SOC) to reflect accountant-led audits of a variety of compliance issues. These are basically internal control reports that provide the type of information users need to assess and address the risks associated with outsourced services.

An SOC 2 report focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality and privacy of a system, according to the SSAE-16. Undergoing an SOC audit is yet another way that a company can show its commitment to GDPR.

It’s best to be prepared

No one really knows what will happen come May, but many large US companies are getting in gear by updating their processes and guidelines. By leveraging these certifications, contracts and codes, they can demonstrate those efforts to others.

About The Author

Robin Kurzer
Robin Kurzer started her career as a daily newspaper reporter in Milford, Connecticut. She then made her mark on the advertising and marketing world in Chicago at agencies such as Tribal DDB and Razorfish, creating award-winning work for many major brands. For the past seven years, she’s worked as a freelance writer and communications professional across a variety of business sectors.

© 2021 Third Door Media, Inc. All rights reserved.