Industry Stalwarts Break Down What GDPR Means To Them And How You Can Plan Ahead
Any business, US or foreign, that does not comply with the new regulations could be forced to pay fines of up to €20 million or 4% of global revenue. That’s enough motivation for any company to think about their plan to cope with the new regulation.
Here’s what the industry stalwarts had to say about what GDPR means to them:
Dan Storbaek, CEO and Founder of Securityprivacy.ai: With GDPR, we’re now moving into more granular notifications that are more specific and easy to understand. At the same time, data controllers have a significant responsibility to document and be able to provide evidence of proper consent. While the upcoming ePrivacy regulation remains to become final, we will most likely see a mix of consent management handled from software, e.g. internet browsers, and individual websites.
Our platform is moving into Machine Learning and AI. For us, the Holy Grail is taking complex legal work and simplifying it with technology. We are moving into machine learning and AI, which allows us to collect publicly available data about regulations, industries, language etc., and provide automated consent management optimized towards different audiences.
John Steinert, Chief Marketing Officer of TechTarget: We welcome GDPR at TechTarget, as the relevant compliance efforts will initiate a more unified environment for marketers and a stronger relationship with their customers. GDPR is all about complying with an evolving sense of best practice, so marketers will only have a problem if the data they’re sourcing is of unknown and unmanaged provenance. It doesn’t really affect ABM platforms per se, it’s about the data — and the sourcing and management of it — that is being used. If you’re identifying a company through an IP lookup and using an email in your database that is permissible, for instance, there’s no issue. But if you’re obtaining email addresses from other sources that aren’t GDPR-compliant, then you could have a problem.
What GDPR means for marketers’ futures remains to be seen, but the bottom line is that marketers need to know where their data came from, the source needs to be compliant and they need to be able to manage the data competently. This won’t derail the way current processes are handled, it will just require more rigor and process capability. If companies already have mature data handling processes, they shouldn’t have any issue.
Todd Ruback, Chief Privacy Officer & VP of Legal Affairs at Evidon, Inc: The first step for marketers is to create a high-level GDPR action plan, which should look something like this:
- Determine how the GDPR applies to you – If you are reading this post, pretty safe to assume that it does. Any company that collects, stores or processes consumer data, or who uses vendors to do so, is covered.
- Know what data your business collects and why, so you can determine if you need to obtain explicit consumer consent. Consent is the most important aspect of the GDPR, partly because the data protection authorities can easily see if it is in place by checking marketing touchpoints such as your website, and partly because infringements of the conditions for consent attract the higher level of penalty.
- Develop an internal privacy impact assessment (PIA) process. PIAs allow your business to systematically analyze data flows and the associated risks to data privacy, and to find the most effective way to comply with data protection obligations. Establishing this process will plant the seeds of an internal compliance group.
- Look at your tech stack and identify where it can integrate into middleware identity management systems or other databases to automate as many of your GDPR obligations as possible. For instance, you may be able to deploy a consumer-friendly consent management tool where an individual can exercise their new GDPR rights such as the right to object to profiling. You need to be able to receive a signal expressing this opt-out choice and then honor it, or risk severe penalties.
Mark Bembridge, CEO at Smartology: Smartology straddles the worlds of media owners, agencies and advertisers, so has a unique perspective on current and future trends in the market. 2017 has seen digital advertising suffer severe growing pains and these are unlikely to disappear in the near future. However, they are paving the way for a more transparent, effective and robust industry that will better serve the needs of advertisers, publishers and consumers.
Kris Lahiri, Data Protection Officer and Co-Founder at Egnyte: As businesses grow their global footprint they are responsible for managing customer PII in a variety of different countries, which presents a number of difficulties when it comes to following proper security and compliance regulations, like the GDPR. Our goal is to simplify compliance by providing a single platform with easy-to-use tools that businesses can trust to securely manage all of their content, in whatever country they are doing business.