Nadia Kosak Astrid
Siteimprove
Partner Manager
The deadline for GDPR compliance is May 25, 2018. Are you an eZ Platform editor? Are you ready for GDPR? Learn how to use the Siteimprove plugin for eZ Platform to support your GDPR compliance process.
7. The GDPR Challenge: A New Data Regulation to Protect EU Citizens' Privacy
- Clear consent required to collect and process data
- Easier access to personal data
- More and clearer information about data processing
- 'Right to be forgotten': right to rectify and remove data
- Stricter safeguards for transfers of personal data outside the EU
- Right to get notified if data is compromised
- Fines of up to €20M or 4% of global annual turnover
- Global reach & immediate effect
- New mindset & work approach required
A Marketer's Nightmare? A Consumer's Dream.
8. The State of GDPR Readiness: It's still a long way for many organizations and the clock is ticking
- 3 out of 4 European companies are not GDPR compliant today
- 52% of companies believe they will be fined for non-compliance
9. Key Website Requirements of GDPR: May 25 has passed. Do you comply?
#1: Completeness. Organizations need to audit all digital assets that can contain personal data, without exceptions.
#2: Overview & Control. Organizations need to have an overview of all personal data collected and processed on their websites.
#3: Responsive Capacity. Organizations need to be able to modify and erase personal data upon request and without undue delay.
#4: Documentation. Organizations need to be able to show and prove their GDPR compliance efforts to relevant authorities.
14. GDPR challenges companies are currently facing
- Unclear roles and responsibilities
- Many requirements
- Locating personal data is a massive task
- Unawareness of publicly exposed data
- Uncertainty on how to document compliance
As they say: one man's meat is another man's poison. While GDPR brings significant improvements and benefits for European consumers, there are challenges that marketers and website owners will face.
On the plus side, we have a clearly improved legal framework that protects consumers' personal data. From May 25, 2018 on, companies need to obtain clear consent before collecting and processing someone's data. More and better information needs to be available in general about what happens with the data, and consumers are also granted easier access to the personal data that has been collected about them. People also have a 'right to be forgotten', which means that their data has to be removed upon request, e.g. from the employee section of a website. Furthermore, there are stricter rules for moving personal data from the EU to another region, with the goal, of course, of avoiding data misuse. In case something actually goes wrong, people also have the right to be notified if their data has been compromised. Failure to do so may result in fines for the organization and compensation for the person whose data has been compromised.
Those are just some of the new rules that GDPR introduces. For marketers this means that they really need to reconsider the way they handle personal data. And what's most interesting: the EU regulation applies to all organizations that handle European citizens' data, no matter where they are located. This means that companies in North and South America, Africa, and Asia need to comply with GDPR just as their European counterparts do. Non-compliance can result in fines of up to 20M Euros or 4% of global annual turnover, whichever is higher.
May 25 is less than 2 months away, so where are companies in their preparation? Data suggests there is still lots of work to do: only 26% of European companies are GDPR compliant today, and every second company expects to be fined for non-compliance with GDPR. But there is still time to turn the situation around. A good starting point is the company's website, for which certain requirements need to be fulfilled (see the next slide, which focuses on some of the key ones).
4 key requirements of GDPR regarding your website are listed above. Besides being aware of all digital assets (websites), companies need to be able to show which data they collect and store (including which data third parties collect, store, and process, e.g. through cookies). Requirement #3 relates to the right to be forgotten and the ability to react quickly to such a request. And of course there is a requirement to document and show your compliance efforts in case you're approached by the authorities.
On November 9, 2017, the Siteimprove GDPR solution was launched to give organizations insight into, and control over, how they can become GDPR compliant.
Many requirements: This regulation brings many new requirements that affect different teams and departments.
Locating personal data is a massive task: Companies are expected to have the ability to search for personal data in case an EU citizen decides to exercise the right to be forgotten.
Unawareness of publicly exposed data: Anyone with a website can easily make something private publicly available; however, companies often have many web pages, and it's a challenge to keep an overview of all the data living on those sites.
Unclear roles and responsibilities: The GDPR compliance process is a company-wide project. It requires a cross-departmental effort, and companies are struggling to clearly define roles, tasks, and responsibilities.
Uncertainty on how to document compliance: GDPR compliance is not a one-off effort; companies must document their risk mitigation strategies on a continuous basis.