GDPR Compliance: Tactical Steps for Companies to Prepare


The deadline for the EU’s General Data Protection Regulation (GDPR) is creeping toward us, and it’s essential for companies to get their data ducks in a row to ensure they don’t fail the GDPR compliance test.

Below are some of the top takeaways from our recent webinar GDPR: Critical Steps You Must Take to Ensure Compliance with ObservePoint’s Clint Eagar and Tealium’s Chris Slovak.

A Few Things to Remember about GDPR Compliance

GDPR Applies to You

The truth about GDPR is that compliance is required for any organization, wherever it is based, that offers goods or services to people in the EU or monitors their behaviour there—even if those services are free. Note that the test is whether the individuals are in the EU, not whether they are EU citizens. This makes GDPR a data privacy regulation with global scope. Failure to comply can result in a hefty fine: up to €20 million or 4% of worldwide annual turnover, whichever is higher.

Consent and the Right to be Forgotten

Consent is the lawful basis most web and marketing data collection will rely on, and under GDPR it must be freely given, specific, informed and unambiguous: a clear affirmative action, not a pre-ticked box or continued browsing. It must also be as easy to withdraw as it was to give. (Consent is one of six lawful bases in Article 6; where you rely on another basis, such as legitimate interests, you must be able to document why it applies.)

In addition to lawful processing, the GDPR also mandates that companies uphold the right to be forgotten (the right to erasure). Individuals can require companies to erase their personal data, and the request must be honoured without undue delay—in any event within one month of receipt, extendable by two further months only for complex or numerous requests, and the individual must be told if you extend. If you have passed the data to vendors, you must take reasonable steps to have them erase it too.

Data Governance Is about Gaining Trust

Customer-centric businesses use data governance to protect their customers and gain their trust and loyalty. Working towards GDPR compliance can help companies reevaluate how their data collection practices should protect the consumer.

Getting Ready for GDPR

Here are 5 steps to help you get on track for the 25 May 2018 deadline:

  1. Know Your Vendors
  2. Build a Data Inventory
  3. Build Controls, Develop Policies and Procedures
  4. Create a Data Governance Panel
  5. Provide Clear and Accurate Notices and Communications

1. Know Your Vendors

First 30 days: start creating a database of all technologies deployed on your site, including tags loaded indirectly by other tags (piggybacking). Know where your data is being sent and how it is being used.

First 1-3 months: document all of your technologies. This documentation is the basis for the record of processing activities GDPR requires (Article 30), and it feeds any data protection impact assessment (DPIA, Article 35) you must carry out for high-risk processing such as large-scale tracking or profiling. You should be able to answer the questions:

  • Who is the business owner?
  • Why is this technology on our site?
  • What data is being collected? Is there personal data? (GDPR’s “personal data” is broader than the usual notion of PII: online identifiers such as cookie IDs, device IDs and IP addresses count.)
  • Where is the data being stored? How is data transferred?
  • Who has access to this data?

Make sure to continue to update this list over time.
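A way to bootstrap the vendor list from evidence rather than from memory, as an added example (not ObservePoint’s or Tealium’s code): save a HAR file from your browser’s developer tools while walking through your site, then summarise every third-party host it contacted, whether your cookies were sent to it, and whether anything that looks like personal data travelled in the query string or request body. The `FIRST_PARTY` domain, the `PII_PARAMS` list and the HAR entries below are assumptions constructed for the example so that it runs offline; point `load_har()` at a real capture for your own site.

```python
"""Build a first-pass third-party vendor inventory from a HAR capture.

Added example, not code from the original post. Assumptions: the audited
site is example.com (FIRST_PARTY), and the parameter names in PII_PARAMS
are the ones your site uses for identifiers; extend both for real use.
"""
import json
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote_plus, urlsplit

FIRST_PARTY = "example.com"  # assumption: registrable domain of the audited site

# Parameter names that commonly carry personal data (assumed list; extend it).
PII_PARAMS = {"email", "uid", "user_id", "customer_id", "phone", "name"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def registrable_domain(host):
    """Two-label heuristic (vendor-a.net, example.com). Real audits should
    use the Public Suffix List (e.g. the tldextract package) instead."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def is_third_party(url, first_party=FIRST_PARTY):
    host = urlsplit(url).hostname or ""
    return registrable_domain(host) != first_party


def find_pii(url, post_text=""):
    """List where personal data shows up in a request: query keys, form-body
    keys, and e-mail addresses anywhere in the (decoded) query or body."""
    findings = set()
    for scope, text in (("query", urlsplit(url).query), ("body", post_text)):
        # parse_qsl decodes %40 -> @ so values can be pattern-checked.
        for key, value in parse_qsl(text, keep_blank_values=True):
            if key.lower() in PII_PARAMS or EMAIL_RE.search(value):
                findings.add(f"{scope}:{key}")
        # JSON and other non-form bodies are not key/value pairs, so also
        # scan the decoded text for e-mail addresses.
        if EMAIL_RE.search(unquote_plus(text)):
            findings.add(f"{scope}:email-pattern")
    return sorted(findings)


def build_inventory(har, first_party=FIRST_PARTY):
    """Return {host: {requests, pii, cookies_sent}} for every third-party host."""
    inventory = defaultdict(lambda: {"requests": 0, "pii": set(), "cookies_sent": False})
    for entry in har["log"]["entries"]:
        req = entry["request"]
        url = req["url"]
        if not is_third_party(url, first_party):
            continue
        host = urlsplit(url).hostname
        post = (req.get("postData") or {}).get("text", "")
        rec = inventory[host]
        rec["requests"] += 1
        rec["pii"].update(find_pii(url, post))
        if req.get("cookies"):  # HAR 1.2 records the cookies sent on each request
            rec["cookies_sent"] = True
    return {h: {"requests": r["requests"], "pii": sorted(r["pii"]),
                "cookies_sent": r["cookies_sent"]} for h, r in inventory.items()}


def load_har(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed sample capture (not a real site's traffic) so the script runs offline.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://www.example.com/checkout",
                 "cookies": [{"name": "session", "value": "abc"}]}},
    {"request": {"url": "https://cdn.example.com/app.js", "cookies": []}},
    {"request": {"url": "https://static.vendor-a.net/tag.js", "cookies": []}},
    {"request": {"url": "https://analytics.vendor-a.net/collect?uid=12345&ev=purchase",
                 "cookies": [{"name": "_va", "value": "x1"}]}},
    {"request": {"url": "https://pixel.vendor-b.io/p", "cookies": [],
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "text": "event=signup&email=jane.doe%40example.org"}}},
    {"request": {"url": "https://api.vendor-c.com/v1/events", "cookies": [],
                 "postData": {"mimeType": "application/json",
                              "text": '{"id":"u-9","contact":"bob@example.org"}'}}},
]}}

if __name__ == "__main__":
    for host, rec in sorted(build_inventory(SAMPLE_HAR).items()):
        flag = " <-- review: personal data leaves the site" if rec["pii"] else ""
        print(f"{host:28} requests={rec['requests']} cookies_sent={rec['cookies_sent']} "
              f"pii={rec['pii']}{flag}")
```

Every host the script lists needs an owner, a purpose and a contract before the deadline; the hosts flagged for personal data are the ones to start with. Re-run it after each release, since tags and piggybacked tags change without anyone updating the spreadsheet.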

2. Build a Data Inventory

Building a data inventory involves the following steps:

  1. Agree on data sensitivity both from a legal and experience perspective.
  2. Agree on the data needed to run marketing vs. operations.
  3. Document data requirements for running the business.
  4. Document where the data is stored.
  5. Check vendor integrations.

As part of this process, you need to know where your data is being stored and transferred. Keep personal data in your own first-party systems by default, and pass a vendor only the fields it genuinely needs, under a contract and a documented lawful basis, so that you’re not putting your customers’ personal data at risk.

3. Build Controls, Develop Policies and Procedures

Building controls, policies and procedures involves the following steps:

  1. Verify proper contracts with your vendors, outlining how data is to be used.
  2. Create governance policies and processes.
  3. Update internal and external communications. Know how data is being shared.
  4. Configure vendors for least access to data.
  5. Create data audit guidelines and tests.
  6. Test and audit internally for compliance.

A designated data governance executive should be appointed to serve as the gatekeeper of all technologies and data being used, and should lead efforts in privacy, auditing and the right to erasure. Note that GDPR separately requires a Data Protection Officer (Article 37) where an organization’s core activities involve large-scale, regular and systematic monitoring of individuals, which extensive web tracking can amount to.

4. Create a Data Governance Panel

Your data governance panel should be comprised of all stakeholders responsible for ensuring data is used properly and vendors are selected cautiously. This panel could include the IT department, your legal team and your head marketers.

5. Provide Clear and Accurate Notices and Communications

  1. Update your privacy policy, naming the purposes, lawful bases and categories of recipients (including vendors) in plain language.
  2. Provide customers with an explicit opt-in, and make opting out as easy as opting in; pre-ticked boxes and “by continuing you agree” banners do not count as consent.
  3. Communicate with technology vendors on evolving data usage and compliance.
  4. Ensure the right to be forgotten with a tested erasure process that also propagates deletion requests to the vendors holding the data.

GDPR Compliance as a Competitive Differentiator

While working toward GDPR compliance will likely put a strain on companies’ resources, customers will respond positively to brands that value privacy. Companies should take advantage of the requirement to comply by being transparent with customers about efforts to respect their privacy and identity.

Putting the customer at the center includes protecting their data. Consequently, working toward GDPR compliance will make it that much easier to delight customers.
