BizReport : Law & Regulation : May 30, 2018

Experts: GDPR is live, now what?

Though the European privacy initiative GDPR is in effect, many businesses are still getting themselves up to speed, and still others are wondering just what the GDPR means for them. We asked some digital experts what this 'right to be forgotten' means for consumers and for brands.

by Kristina Knight

Kristina: What do businesses need to know, at this point, for their own GDPR initiatives?

Len Shneyder, VP of Industry Relations, SendGrid: GDPR compliance is a marathon, not a sprint. Already, we've seen over two billion emails processed yesterday (May 24), many of which are GDPR privacy updates, making it the second biggest mail volume day on record for SendGrid. In 2017 SendGrid processed over 2 billion emails on Black Friday, just slightly higher than yesterday's total volume. GDPR compliance is an ongoing process; there's no finish line, with requirements aimed at better and more concise record keeping. GDPR is a new way of doing business and not a checkbox that companies must tick and move on. Businesses need to buckle in, because the GDPR era has only just begun.

Kristina: Many businesses think of GDPR as 'belonging' to European nations. What is your feeling about this?

Neill Feather, CEO, SiteLock: Many SMBs would still be surprised to learn the regulations may apply to their US-based business. No matter how small, any business that collects information on European customers -- even just one -- is affected by the GDPR.

Kristina: What is your response to those small businesses who believe their business is already transparent 'enough'?

Francis Dinha, CEO & Co-Founder, OpenVPN: Small businesses have two main misconceptions regarding data privacy: They feel as if they have nothing to hide, so data privacy does not apply to them. And, they don't care if companies use their data. Because of these misconceptions, there are three key mistakes small businesses make when 'protecting' their data: They don't invest in the most effective IT resources to protect their data and network; They keep their data on public cloud services, instead of keeping their data on a private cloud or private network; They don't use VPN to provide remote and secure access to their data.

Kristina: What should businesses and marketers be doing at this point?

Len: No one really knows exactly what GDPR will usher in. To further complicate matters, there is no clear understanding of how enforcement will work or how fines for non-compliance will be levied. According to regulators who spoke at the IAPP Global Summit several months before GDPR came into effect, fines are not the only tool in their chest for helping companies comply with the law. What's more, the EU regulators understand and acknowledge that this will be a steep learning curve for most businesses in the marketplace.
However, organizations should not be afraid to seek outside guidance and counsel when it comes to GDPR -- after all, people are describing this change as a "seismic shift," and that isn't hyperbole. Change can be frightening, but it can also highlight places where a business's data handling practices have been lacking and help bring them in line with today's requirements on both a legal and technical front.

Neill: With GDPR you have to follow security best practices in regards to collecting and storing customer information. In preparation for the forthcoming data privacy standards, small businesses can begin by cataloging the data they have on hand. This will ensure that they know what they are collecting and can purge any information they've been unnecessarily collecting over the years. Small businesses should also have GDPR processes outlined. What if someone contacts you and requests their personal information be removed? Do you have a breach and response notification plan in place for customers? Outlining these processes can help ensure that SMBs don't lose track of requests.

Francis: GDPR is going to be implemented, and the costs of not abiding by its rigid standards are huge. In addition to the data storage requirements set by GDPR, I would recommend small businesses review and update many of their internal processes, including: Update your data encryption methods and ensure your data protection and retention policies are current; Limit employee access to customer data and records; Have strong privacy policies in place and ensure these are relayed clearly to customers and employees.

Tags: advertising, digital marketing, ecommerce, GDPR regulations, GDPR tips, OpenVPN, SendGrid, SiteLock
