Co-founder and CTO, Impact
Continuing on our mission to bring first-hand insights into GDPR and its impact on global operations, we spoke to Roger Kjensrud, Co-Founder and CTO, Impact. Roger tells us about how GDPR could impact martech companies, particularly the ones based in the US but with a sizeable clientele in the EU.
Tell us about your role at Impact and the technology/team you handle.
I am a co-founder and the CTO of Impact. I lead all technology teams that build and operate a scalable and comphrensive software platform for digital marketers around the world.
Why was GDPR needed?
The consumers expect brands and companies to protect their personal data, and to obtain permission to use the data. Transparency on how to collect and use the data is key. For the businesses, it is to simplify and standardize the regulatory environment.
Yes, I believe it is needed. We have seen numerous examples of lax practicies around protecting and usage of data (Facebook – Cambridge Analytica, Equifax).
How would GDPR impact US martech companies who have customers based in the EU?
On one hand, it is impacting the requirements of their their technology and software. Any personal data (the defintion is pretty broad, including IP addresses) needs to be handled and stored in a secure manner. This requires them to categorize all data collected and processed to understand what is considered personal. The consumer can request the erasure of the personal data, which means the technology needs to support that as well.
One the other hand, it is impacting processes and procedures the companies need to follow. This includes: employee training and awareness, documented procedures to respond to data breaches (e.g., notify within 72 hours), appointing a Data Security Officer.
How should such companies prepare for post-GDPR era, including what type of requirements will be needed moving forward?
It starts with understanding the requirements of the GDPR. And that it is not a one-time thing. GDPR compliance is continuous journey where they have to ensure compliance as new products are built, as new employees join the company, as new customers come onboard and as the law and requirements are changing.
How GPDR will ensure martech companies’ data is in compliance with the new regulations?
Each EU member state has a supervisory authority, the so called Data Protection Authorities (DPA). The DPA is tasked with monitoring the application of GDPR. The details on exactly how it is enforced is sparse, but it is clear that if data breaches are not handled properly for example, there is a potential for fines. Also, if there is suspicion of violation (reported by a consumer) the DPA can order the company to provide information showing compliance. Furthermore, there could be audits, including access to premises.
What are the benefits of martech companies performing pseudonymization on any personal data before the data processor collects it?
This plays into the handling and storing the data in a secure manner, and the right to be forgotten. The martech company controls that the sensitive data is secured properly. It also forces the martech company to think about which data really needs to be shared with the data processor. In case of right to be forgotten, it is easier and less error prone if the martech company instructs data processor to erase based on the actual data shared versus data that needs to be pseudonymized by the processor before erasure can take place.
Why is it better for martech companies to not process personal data?
Because GDPR applies to companies that process and stores personal data. If personal data is not processed, then GDPR does not apply.
Why the EU is enforcing the new rules as a necessity for data protection? Will it affect the martech industry?
I believe this has to do with building trust with the consumer. If the consumer has trust, it benefits the business as well as the digital economy as a whole. Which is a refreshing idea when you consider a lot of the “hidden” or non-transparent data brokering and sharing in the tech industry.
Yes, it will affect the martech industry as I have touched upon in the previous questions.
Thanks for chatting with us, Roger.
Stay tuned for more insights on marketing technologies. To participate in our Tech Bytes program, email us at firstname.lastname@example.org