Data Protection Compliance [Recap]

This post highlights a recent presentation by Ted Sfikas and Clint Eagar at Validate 2017, a data governance boot camp hosted by ObservePoint.

Nervous about the upcoming GDPR deadline? You’re not alone—47% of businesses fear they won’t meet the requirements for GDPR.

Many might see GDPR as an unyielding regulation that could cause some serious damage for companies that fail the compliance litmus test. Well, that’s perfectly true.

But on the other hand, glass-half-full opportunists see GDPR as a chance to clean up their act and differentiate their company. Companies who rededicate themselves to data privacy and security could get an edge on the competition by appealing to the customer’s desire for disclosure.

In reality, GDPR could be a blessing in disguise.

Nevertheless, GDPR compliance isn’t any less real, and it’s up to organizations to make the necessary changes.

Here are some tips from Tealium’s Ted Sfikas, Director of Solutions Consulting, and ObservePoint’s Clint Eagar, VP of Data Governance, who recently presented at Validate 2017 about GDPR.

Reign in data leakage

Data leakage is the unauthorized transmission of data (or information) from within an organization to an internal or external destination or recipient. Leakage can happen as a result of piggybacking tags, rogue accounts or other unauthorized means.

Data leakage could be one of the primary issues around which fines may be assessed. Performing your due diligence to uncover and document all vendors on your site is 100% necessary to avoid having the EU throw the book at you.

Tag Initiators allows ObservePoint users to easily map out what tags are firing on their site so they can identify potential threats.

Provide explicit consent and transparency

GDPR requires all data collection and automation to be a fully transparent process, and users must opt in to be included in the data pool.

Consent cannot be implied—it must be freely given, specific, informed and unambiguous. This also means companies must be able to provide verifiable parental consent for minors.

Observe the right to be forgotten

The right to be forgotten gives consumers full control of their own data. Specifically, this means:

• Upon request, companies must erase personal data without undue delay (24 hours).
• GDPR requires data portability, meaning consumers have the right to “move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability” (Information Commissioner’s Office).
• Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Preparing for GDPR

Without sounding too dramatic, GDPR is upon us, and needs to be dealt with appropriately. To learn more, check out these additional resources:

Preparing for GDPR

Validate 2017 is a hands-on, technical boot camp where data governance teams and analytics professionals hone their digital analytics skills and learn to drive more results with their marketing technologies.