BizReport : Internet : May 20, 2019

Brands: How to ensure GDPR compliance now

As we near the one-year anniversary of the EU's GDPR initiative, many businesses still haven't implemented the right technology and strategies to ensure their mailing lists, data collection, and targeting are compliant. Even brands outside the EU could stand to take another look at how compliant they are with data privacy, as consumers grow more leery of data use every year. Here are a few tips.

by Kristina Knight

Kristina: It's been nearly a year since the EU introduced GDPR - what positive changes have you seen thus far?

Lucas Wojcik, CISO, Productsup: Most brands waited to start making organizational changes only a few months before GDPR requirements became enforced, so achieving compliance has been a gradual process for many retailers. In the first few months after GDPR was introduced, various industry giants had underestimated the sheer complexity of identifying, developing and implementing the necessary technical and organizational measures to achieve compliance across their organization. However, over the course of the past year, larger brands have begun to proactively identify areas failing to meet GDPR's regulations and dedicate resources to achieving compliance. With an increasing awareness of data privacy among consumers and the upcoming CCPA, even smaller retail marketers are starting to take the requirements more seriously.

Kristina: What about negatives - are there areas in which digital brands could do better specific to GDPR regulations/changes?

Lucas: Retailers have been hesitant to comply with GDPR for various reasons, including the fear of losing valuable business data, experiencing a decrease in revenue, facing high expenditures for achieving initial compliance and receiving continuous administrative overhead. Not to mention many companies have a general lack of awareness in the practical implementation of the requirements. In the short-term, companies that don't comply risk experiencing data breaches, resulting in legal prosecution and administrative penalties. In the long-term, brands could damage their reputation resulting in a decrease of revenue. Either way, retailers who fail to meet GDPR regulations put their bottom lines at risk of taking a hit.

The progress that brands still have to make strongly depends on the size of the business, when they started to take actions and what resources they have dedicated for achieving GDPR compliance so far. Non-transparent, gradual information release, down-playing of severities and lagging responses are only a few of the characteristics that scare off consumers, cause expensive court proceedings, administrative fines and subsequent reputational damages.

Kristina: Are there initiatives that businesses need to implement at this time to ensure GDPR compliance?

Lucas: In an increasingly data-driven world, brands should start to perceive GDPR as an opportunity rather than as a risk for their business. Not only is there a strong correlation between data quality and GDPR compliance, but also between data quality and revenue. Refurbishing existing data pools and receiving consent provides an opportunity to rebuild relationships with customers based on more trust, personalization and the intelligent use of personal data. To claim those benefits, brands must know the risks of poor compliance and develop a deep understanding of all personal data they hold and process. This includes recognizing the purpose for which the data is collected and stored, as well as the real value it holds for the business in generating revenue on a daily basis. This deeper dive into customer data should encourage retailers to consider improving inbound marketing strategies, such as content syndication, social media marketing, SEO and branding.

Taking it step by step, brands first need to establish a dedicated, qualified and interdisciplinary team that has a deep understanding of business, legal and IT related processes within the organization. From there, they should develop a self-sustaining data protection management system or framework that ensures ongoing compliance. This framework should build off the seven key principles of GDPR, as they should lie at the heart of retailers' approach to collecting, processing and storing personal data. Next, brands need to perform a detailed gap analysis to see where they stand and follow a risk-based compliance approach, as it will be challenging to tackle the entire backlog and comply with all requirements at once. Finally, to avoid bad press and the loss of consumer trust, brands should define a clear process for managing and communicating data breaches to comply with GDPR's 72-hour window requirement for reporting to authorities.

Tags: advertising, data privacy tips, data privacy trends, ecommerce, GDPR anniversary, GDPR compliance, Productsup
