Image by Harakir on Pixabay
In just a few days, the General Data Protection Regulation will finally go into effect, impacting how companies collect and process personal data like never before. Although the GDPR is a European Union law, it affects every company that deals with the data of end users in the EU, and packs a punch for non-compliance — up to 4% of annual global turnover or 20 million euros (whichever is greater).
The GDPR and data privacy are just a couple of the topics we’re tackling at Postback 2018. Held over July 19-20 in Seattle, Postback brings together the best minds in the industry to network, share ideas, and build lasting relationships that drive the future of mobile marketing.
In this blog post, we’ll address how well companies have prepared for the GDPR, its impact on different regions, and how those with the most at stake plan to manage their business moving forward.
Some Companies Are Ready (And Some Definitely Are Not)
Even though the GDPR enforcement deadline is this Friday, there’s a lot of discrepancy in preparedness among brands. According to a survey by WinMagic, ahead of the GDPR deadline, 62% of IT decision makers describe themselves as confident, while 18% say they are nervous.
In addition, half (51%) of companies say they’re ready and able to remove personal data from their servers (including back-ups) — but almost a quarter (20%) of companies are not. And analytics firm SAS reports that 46% of UK and Irish companies won’t meet the deadline, and only 7% of businesses worldwide appear to be fully compliant.
Yet the biggest impact may actually be felt outside the EU, where there are less stringent regulatory privacy expectations — and, as a result, more companies that may have had a larger data privacy gap to make up. In the U.S., for example, citizens don’t have the same expectation or codified right to privacy as they do in the EU. The U.S. has privacy laws for “sensitive” data, such as healthcare or financial information, but is more lax when it comes to less sensitive “general” data.
An Ounce of Prevention
Companies with the most at stake have likely already put systems in place to prepare for the GDPR and are planning to weave compliance into their infrastructure in the coming years. We’ve seen companies take the following approaches, some of which you may want to adopt as your own if you haven’t yet:
- Implementing privacy policies and procedures
To cover all your bases, have professionals implement policies and procedures to affect end user rights, including right to access, right to erasure, and right to data portability, among others. Appointing a privacy point of contact is also crucial.
- Taking inventory of your data collection points
What information do you hold, and how do you get it? Knowing the specific locations where you collect and process data (including apps, websites, cookies, and tags) will help you cut down on unnecessary information.
- Helping every employee understand their role
All companies should take steps to help everyone in the organization understand the GDPR and how they can contribute to compliance. That includes reminding employees of privacy best practices, such as not sharing customer data with external parties.
- Informing your customers at every chance
Finally, as you may have noticed from the barrage of GDPR-related emails hitting inboxes recently, the next step is to make your data handling clear to customers, including how they can access their data, update it, and request to have it deleted.
“This regulation is unprecedented in impact and scope in the digital advertising world, and will serve as a differentiator for organizations ready to embrace the new normal for data privacy and security.” — TUNE CEO Peter Hamilton
Learn More
Ultimately, the GDPR is designed to make the industry more transparent, improve customer trust, and minimize the risk of breaches. Though it’s a lot to get in place for companies who haven’t been focusing on these best practices, it’s designed to be a good thing for everyone — marketers and consumers alike.
Read more about what TUNE is doing to prepare for the GDPR here.
The GDPR and data privacy are just a couple of the topics we’re tackling at Postback 2018. Held over July 19-20 in Seattle, Postback brings together the best minds in the industry to network, share ideas, and build lasting relationships that drive the future of mobile marketing.
Author
Becky is the Senior Content Marketing Manager at TUNE. Before TUNE, she led a variety of marketing and communications projects at San Francisco startups. Becky received her bachelor's degree in English from Wake Forest University. After living nearly a decade in San Francisco and Seattle, she has returned to her home of Charleston, SC, where you can find her enjoying the sun and salt water with her family.
Leave a Reply
You must be logged in to post a comment.