Countdown to GDPR: Readiness Check
Data makes it possible to create personalised experiences and offers for prospective customers. However, with events such as the GDPR regulation and the Facebook - Cambridge Analytica data scandal surfacing recently, it is becoming increasingly difficult to source data. Added to that, Facebook announced that it had closed its Partner Categories program. With a few days until the GDPR takes effect, there is an unspoken question as to how marketing professionals choose to position themselves. Whether they have opted to be GDPR compliant or to look for alternative ways to collect and manage data remains to be seen. From a marketing perspective, there is nothing wrong with data collection in itself. What matters more is the manner in which data is collected, the purpose the data is used for, and the transparency or practice of keeping data subjects informed of which personal data is being used. Some of these concerns have been tackled in detail in the GDPR articles. Had these things been in place right from the start, customers wouldn't have felt they were being spied upon with overly personalised offers.
With the GDPR regulation in the EU in place and the recent closure of Facebook's Partner Categories, brands and marketing professionals are left to decide how they should be sourcing their data. Stricter permission requirements are upon marketing professionals, and this means limited access to data. Those who have opted to double their efforts on first-party data collection may develop in-house strategies to gain more insights about their customer base. For example, Interactions LLC uses a blend of artificial intelligence and human understanding through "virtual assistants" to offer more natural human conversations. On the other hand, agencies that have chosen to be GDPR compliant can expect much work on top of having prepared the requirements, such as testing which strategies will work for GDPR and their customers and which get the most returns out of their efforts, to name a few. If your company is one of those, Brian Philbrook shares his advice on the five items below that should top your last-minute GDPR checklist.
Have a data map
Article 30 of the GDPR requires data controllers to have a record of processes with high-level attributes, as well as a more detailed data map that provides information as to how data is transferred between different entities such as IT, applications and vendors throughout processes. A data map is essential for many GDPR requirements, such as responding to breach notifications or data subject requests.

Document your legal bases
There are six different legal bases by which the GDPR considers the processing of personal data lawful. This means that, at a minimum, data controllers should identify and document the legal bases of all their data processing activities that are subject to GDPR compliance. For example, data processing that requires the data subject's consent should have a system for obtaining requests and managing records of consent, and should also allow a withdrawal process. These stipulations are detailed under Article 6.
Update your privacy notice
Articles 13 and 14 give data subjects the right to be provided with certain information about the processing of their data. Such information includes the data protection officer's contact details, the purposes of data processing, the legal bases, etc. All of this information should be provided in concise, clear and plain language that is easily accessible. Also, data subjects should be properly notified of any updates to the privacy notice through emails, letters, pop-ups or whichever form of communication is deemed most effective.

Facilitate data subject access requests
Article 12 of the GDPR states specific requirements for data controllers in enabling data subjects to exercise their rights, such as the right of access, the right of erasure and the right to portability. Recital 63 of the GDPR also states that data controllers should be able to provide "secure" remote access to data subjects' data. That being said, data controllers should come up with a process for securely transmitting and communicating data to data subjects.
Update your cookie practices
The ePrivacy Directive states that there should be unambiguous consent from data subjects when it comes to storing and retrieving any information from end users. Consent should be freely given and specific, and not assumed. Also, withdrawal of such consent should be just as easy as obtaining it.

These are a few of the top must-have items on your checklist. However, anticipate ongoing talks as stakeholders discuss how the GDPR fits into their overall marketing ecosystem. Many aspects may yet see refinement after the GDPR is in place.

Source: http://digitalmarketingauthority.blogspot.com/2018/05/countdown-to-gdpr-readiness-check.html