
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR

Speaker: Matt Skinner, Head of Digital Strategy and Data, Proctor + Stevenson

The General Data Protection Regulation represents the biggest change to European data laws in decades. It comes into effect on May 25th, 2018, and if you haven’t already chalked out a compliance roadmap, it’s high time you did. The regulation has far-reaching effects and will have a significant impact on any firm that does business in the EU. 

This session is designed to give you a complete overview of GDPR and what it entails. Get an understanding of the regulations introduced, and what it means for your business: data security as well as marketing communications. Join the webinar to plan out your seamless transition into GDPR compliance. 

Who's This For 
- Technology professionals 
- Senior marketing professionals 
- Anyone working with agencies and clients in the EU, looking to understand the complete impact of GDPR 

What's In It for You
- General overview of GDPR, what it means 
- Know how enterprises should prepare for it 
- Understand its impacts on data collection, websites, and comms 
- Review data security and GDPR’s potential long-term impact on the marketing industry 

View our complete series of webinars at: www.srijan.net/webinar/past webinars

Published in: Marketing

[Srijan Wednesday Webinars] Is Your Business Ready for GDPR

  1. Is Your Business Ready for GDPR? Matt Skinner | Head of Digital Strategy & Data | Proctor + Stevenson #SrijanWW | @srijan
  2. A few of our current clients…
  3. WHAT IS IT?
      - Regulation to strengthen and unify data protection for individuals within the European Union
      - Affects the collection, processing and profiling of personal data
      - Will impact businesses globally
      - Approved May 2016
      - Deadline for compliance: 25th May, 2018
      - Updates and clarifications are ongoing
  4. Key Definitions
      1. Personal Data - any information relating to an identified or identifiable natural person.
      2. Data Controller - the person/entity which determines the purposes and means of the processing of Personal Data. (Master company)
      3. Data Processor - a legal entity that processes Personal Data on behalf of a Data Controller. (Outsourced providers, agencies etc.)
      4. Processing - any operation which is performed upon Personal Data, whether or not by automated means, e.g. to collect, store, use in any way etc.
  5. GDPR: Aims
      - Put individuals back in control of their data
      - Create a balance of power between businesses and customers
      - Promote transparency
      - Harmonise data protection law across the EU
      - Make data laws fit for the digital age
  6. What is Personal Data? Anything that identifies an individual. For example:
      - Full name
      - Job title
      - Email address
      - Direct phone number
      - Data relating to an individual's actions or behaviours
      - Computer IP address

      Any data held on an EU or UK citizen will need to comply. Data on EU citizens will be treated the same, wherever it’s held.
  7. Usage of Personal Data. The Personal Data you hold must be:
      - Fairly and lawfully processed
      - Processed for limited/specified purposes
      - Given the purpose of the processing, data must be adequate, relevant and not excessive
      - Accurate and up to date
      - Kept no longer than necessary
      - Secure

      Data Controllers are responsible for demonstrating compliance with these principles.
  8. Sanctions
      - A warning in writing in cases of first/non-intentional non-compliance
      - Regular periodic data protection audits
      - A fine up to 10,000,000 EUR or up to 2% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater
      - A fine up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater
  9. Legal Grounds for Processing Data
  10. Security. The GDPR imposes a general obligation on Data Controllers and Data Processors to adopt technical and organisational measures in order to ensure that the Personal Data you hold is kept secure. For example:
      - Secure use of staff equipment and IT systems;
      - Encryption of digital data;
      - Clear desk policy and secure storage of hard copy documents;
      - Understand and respect confidentiality obligations and sensitivity re the information you hold;
      - Transfer of data between controller and processor
  11. Third Parties. Sometimes you will provide Personal Data and/or allow access to your systems to third parties who will work for you. If so, you must…
      - Enter into a written agreement (Data Protection Agreement) with the third party that includes assurances re. data protection
      - Ensure the third party is aware of your expectations and requirements around the use of your personal data
      - Consider the third parties you work with in terms of risk.

      An agency’s responsibilities under GDPR now link all of their clients together. If one client suffers a breach, it can potentially affect all clients.
  12. Impact on Comms and Marketing
  13. GDPR
  14. GDPR Impact on Comms and Marketing
      - ‘Data harvesting’ will become impossible
      - Marketing databases will become smaller… but their value will increase
      - List brokers will become near-obsolete
      - The way data is collected will need to change – “conditional” and “incentivised” provisions mean that common digital marketing strategies will become riskier
  15. GDPR: How users currently enter database. [Diagram labels: Website; CRM; Manual addition; Bought in list; Marketing database (held indefinitely); Communications sent]
  16. GDPR Volume
  17. GDPR Volume: 188,887 contacts in the database. 29,985 contacts have opened an email in last 6 months.
  18. GDPR Volume: 188,887 contacts in the database. 3,646 have clicked through from an email in the last 6 months.
  19. GDPR Volume: This means that 98% of the contacts in the database have never clicked on an email.
  20. GDPR Volume: Contact management, in comparison to other system users
  21. GDPR Volume: Campaign management, in comparison to other system users
  22. GDPR In detail
  23. GDPR In detail: Legal grounds for processing data
      - Consent
      - Legitimate interest
      - Public interest
      - Vital interest
      - Law
      - Contract

      No processing allowed without a legal ground (exhaustive list)!
  24. GDPR In detail: Can I use legitimate interest?
  25. GDPR In detail: Can I use contractual grounds?
  26. GDPR In detail: How do I continue to avoid relying on consent?
  27. GDPR In detail: How do I only rely on consent?
  28. GDPR In detail: If your marketing communications are not worth saying yes to, you have a problem with your marketing communications.
  29. GDPR Consent
  30. GDPR Consent: Consent
      - Clear affirmative action by data subject (no pre-ticked boxes)
      - When in writing, be clearly distinguished from other matters
      - Be authorised by a parent if given by a child (<16) in relation to online services
      - Be recorded so you can demonstrate consent was given
      - Can be withdrawn at any time
      - Freely given, specific, informed and unambiguous
  31. GDPR Consent: Consent cannot be:
      - A contractual requirement unless necessary for performing the contract (i.e. entering a prize draw)
      - Tied to something else
      - The default, i.e. pre-ticked, opt out
  32. GDPR Consent: Consent needs to be:
      - Specific, informed and unambiguous
      - Period of retention must be made clear
      - You must not collect more data than is necessary
  33. GDPR Consent: We need to shift the audience mindset from “I don’t object to receiving marketing communications”
  34. GDPR Consent: To “I want marketing communications”
  35. GDPR Consent
  36. GDPR Consent
  37. GDPR Comms Strategy
  38. GDPR Comms Strategy: Treat your comms strategy as a new service line. A separate, standalone subscription service. Manage it as such.
  39. GDPR Comms Strategy: Utilise existing systems and channels to promote this service.
  40. GDPR Comms Strategy: At every point you speak to or contact a customer, include an option to gain consent.
  41. GDPR Comms Strategy: Offline consent process
  42. GDPR Comms Strategy: How users currently enter database. [Diagram labels: Website; CRM; Manual addition; Bought in list; Marketing database (held indefinitely); Communications sent]
  43. GDPR Comms Strategy: How users should enter database. [Diagram labels: Website; CRM; Consent / legal grounds recorded; Consent on record; Marketing database (held for defined period); Communications sent]
  44. GDPR Comms Strategy: Information you should have on file
      - Name: Matt Skinner
      - Interests: Care Bears, data regulations
      - Types of communications requested: events, newsletter, guides
      - Language: English
      - Date consented: 12 October 2017, 18:47
      - Subscription ends: 12 October 2019, 18:47

      You can therefore send information about: events, offers or product updates related to Care Bears and data regulations for 24 months.
  45. GDPR In Summary
      - GDPR is an opportunity, not a threat
      - Take responsibility as an individual, not as a department
      - Start from consent and work backwards
      - Respect your audience
      - Start experimenting!
      - Have fun!
  46. Contact: Matt Skinner, Head of Digital Strategy + Data, Proctor + Stevenson, matt.skinner@proctors.co.uk