Preparing for GDPR
The data governance opportunity from the General Data Protection Regulation and what to do about it
What is GDPR?
The EU General Data Protection Regulation is European legislation meant to consolidate data privacy regulations across Europe. Despite being based in the EU, GDPR requirements affect companies worldwide who are doing business in the EU or monitoring the behavior of EU citizens. The deadline and enforcement date for GDPR compliance is May 25, 2018. Companies found in non-compliance are subject to administrative fines of €20mil or 4% of worldwide revenue, whichever is greater. Watch our video below for more details:
Get Resources to Help with GDPR
Sign up to receive updates on how to implement data governance before GDPR
How Can You Get Started Meeting GDPR Requirements?
To help get your data governance strategy in order, here are resources to help you take control of customer data security:
Browse our collection of data governance downloads to help you plan your strategy:
Download: 5-step Data Governance Checklist
Forrester Report: How to Design and Build a Great Consumer Data Privacy Organization
Watch these videos to understand the data protection landscape:
Helpful resources for data protection education and planning:
Data Governance: Reduce GDPR Risk & Improve Marketing Effectiveness
The GDPR is another reminder of how marketers, and businesses overall, need to improve their management of sensitive customer data. While market leaders have adopted a unified approach to data governance as a strategic initiative to improve marketing relevance and timeliness, the vast majority of companies are stuck managing data inside departmental or technological silos that create risk and uneven experiences. Ironically, this new regulation might be just the compelling event that will propel marketers to truly become data-driven, simultaneously allowing for data security measures and increased marketing effectiveness.
Given our unique position in the data supply chain, having Tealium as a trusted partner builds confidence in your business’ ability to appropriately and legally manage data, while significantly reducing your reliance on your digital marketing and analytics vendors to adhere to privacy standards. Read our Data Governance white paper to learn more.
12 Key Changes to Customer Data Protection Regulations – Implications
In addition to recommended steps to building your data governance strategy, here are 12 key facts and steps that you should take to prepare for GDPR:
1. “Personal Data” is Becoming Broader – The definition of personal data will be expanded to include genetic, economic, or social identity data.
2. Compliance Required for Companies Outside the EU – Any company, regardless of where it’s based, must comply with the regulation if it deals with an EU citizen’s personal data.
3. New Special Protections for Children’s Data – Parental consent will be required, so businesses will need to implement procedures to obtain consent.
4. Getting Valid Consent – Consent must be simple and clear. Silence or inactivity will not constitute consent.
5. Data Breach Notification Requirements – Placing a greater onus on data supply chains, all data breaches potentially harming individuals must be reported to regulators and the individual.
6. The Right to be Forgotten and Access Requests – Companies will have to give individuals access to data collected in a timely manner and requires that data subjects have the right to be forgotten.
7. Mandatory Privacy Risk Impact Assessments (PIA) – There will be conditions under which a PIA is mandatory in high-risk situations.
8. Privacy by Design – Privacy in a service or product must be built in from product conception and should only collect the minimum personal data possible.
9. Contractual Requirements – Data protection will need to be clearly documented and this could impact contract negotiations for risk and security considerations.
10. International Data Transfer Concerns – The regulation also applies to data processors, so there is risk in transferring data to countries outside the EU.
11. Data Portability – Businesses have to provide data collected to subjects electronically and in a commonly used format.
12. Introduction of the Data Protection Officer (DPO) – Some businesses will need to hire or appoint a DPO to oversee data security compliance.
Does Brexit mean UK companies
don’t need to comply with GDPR?
No. All companies that deal with the data of EU citizens, regardless of where they are based, are subject to enforcement and administrative fines of €20mil or 4% of worldwide revenue, whichever is greater. It is also unlikely that Britain will have exited the EU by May 2018 when the regulation goes into effect. There has been speculation that the UK will implement similar regulations after Brexit.
Need Help Trying to Figure Out What GDPR Means for Your Business?
Tealium’s solution consultants are knowledgeable and ready to help you strategize your data governance plan to help you get ready for GDPR.