Getting Ready for GDPR

G-D-P-R is an abbreviation that could be among the four most important letters in digital marketing privacy compliance.

It is shorthand for the General Data Protection Regulation, and in May 2018 it will become the privacy and data handling standard for the European Union.  If your company has even one customer in the EU, you need to know the ins and outs of the GDPR and start preparing now.

Dr. Karsten Kinast, a data protection and privacy researcher at the firm KuppingerCole and an expert in GDPR, explained these ins and outs in a Nov. 10 webinar sponsored by Gigya, and the replay is available now.

“Simply working on what you need to do to comply with GDPR and documenting it will take a long time in the manner the GDPR will ask you to do it,” Kinast said in the webinar.

Yet Kinast believes customer data collection and the GDPR can not only coexist, but that some of the requirements of the GDPR, such as customer opt-ins, can even improve the user experience and drive revenue.

“The GDPR tries to get things done more practically, tries to combine the business needs with the data subjects’ rights – that’s all of us – to know what is being stored,” he said.

It helps to think of customer information as digital currency that organizations need to protect and maximize, while at the same time allowing customers to have control over their data.

“The data transparency required in GDPR is something that can change a situation of a company tremendously, so it is important to be prepared to give answers to users, to be able to tell someone what is stored about himself or herself,” Kinast said.

Among the many specifics of GDPR that Kinast covers in the webinar are:

  • Key compliance requirements
  • How to comply without eroding user experience
  • Why you need a Data Privacy Officer
  • Requirements for obtaining valid user consent
  • Obligations to conduct Data Privacy Impact Assessments
  • How to manage data breaches                                                                                                  
  • What the “Right to be Forgotten” means (and how you satisfy the conundrum of complying with a request to erase data while maintaining a record that proves you erased the data)

The time to start on GDPR planning is now, and we hope listening to this webinar helps you understand the road ahead.

By Jason Rose