How the EU-GDPR May Affect Your Website

How the EU-GDPR May
Affect Your Website
© SilverTech 2018
Note: This webinar does not constitute legal advice or guidance
PRESENTED BY

OUR GDPR EXPERTS
Derek Barka
Chief Technical Officer
SilverTech
As the Chief Technology Officer at
SilverTech, Derek leads the team
that helps businesses create
profitable relationships throughout
the entire customer lifecycle.
Paul Creme
VP & General Counsel
SilverTech
With over 30 years of
experience practicing law, Paul
utilizes his extensive legal
knowledge as SilverTech’s Vice
President, General Counsel.

1996
Founded
In 100+
Crew
members
500+
Active Projects

Our Work
We believe in the Three C’s
Clients
Crew
Company
CMS
Content Management
Systems
MA
Marketing Automation &
Journey Management
CRM
Salesforce
PARTNERSTECHNOLOGY
SEAMLESS INTEGRATIONS SHARING DATA

Agenda
1. Intro to the EU-GDPR
2. GDPR Glossary of Terms & Key Principles
3. How Companies are Complying in the
U.S.
4. Q&A

Intro to the EU-GDPR
01
© SilverTech 2018

INTRO TO THE EU-GDPR
The European Union General Data Protection
Regulation (“EU-GDPR”) or GDPR was approved in
April 2016 and becomes effective on May 25th, 2018.

The purpose is of the GDPR is to “harmonize data
privacy laws across Europe, to protect and empower
all European Union (EU) citizens data privacy, and to
reshape the way organizations across the region
approach data privacy.”

Failure to comply could cost companies $25 million
or 4% of global annual revenue, whichever is greater.

The stated goal of the GDPR is “to curb marketing’s
insatiable appetite for data and put consumers back
in control of how and when their personal data is
collected, used, shared, and “monetized.” 2

GDPR Glossary of Terms
& Key Principles
02
© SilverTech 2018

GDPR GLOSSARY
Breaches
Under the EU-GDPR, notice of a breach is mandatory and must be done within 72 hours of
first having become aware of the breach. Data processors will also be required to notify their
customers, the controllers, “without undue delay” after first becoming aware of a data breach.
Conditions for Consent
The conditions for consent have been strengthened, as companies will no longer be able to
use long illegible terms and conditions full of legalese. Consent must be clear and
distinguishable from other matters and provided in an intelligible and easily accessible form,
using clear and plain language. It must be as easy to withdraw consent as it is to give it.
Explicit consent is required only for processing sensitive personal data – in this context,
nothing short of “opt in.”

GDPR GLOSSARY
Data Controller
From Article 4 of the GDPR: ‘Controller’ means the natural or legal person, public authority,
agency or other body which, alone or jointly with others, determines the purposes and means
of the processing of personal data.4
Data Processor
‘Processor’ means a natural or legal person, public authority, agency or other body which
processes personal data on behalf of the controller.5
Data Subject
The natural person(s) or individuals covered and protected by the EU-GDPR.

GDPR GLOSSARY
Data Portability
GDPR introduces the concept of data portability – the right for a data subject to receive the
personal data concerning them, which they have previously provided in a ‘commonly used
and machine-readable format’ and have the right to transmit that data to another controller.
Data Protection Officers
Your company will be required to maintain internal records and appoint a Data Protection
Officer (“DPO”) if one of your company’s core activities consist of processing operations
which require regular and systematic monitoring of data subjects on a large scale or of
special categories of data or data relating to criminal convictions and offenses.

GDPR GLOSSARY
Right to Access
Each person covered has the right to obtain from the data controller confirmation as to
whether or not personal data concerning them is being processed, where and for what
purpose. Further, the controller shall provide a copy of the personal data, free of charge, in
an electronic format.
Right to be Forgotten
Each covered person has the right to have the data controller erase their personal data,
cease further dissemination of the data, and potentially have third parties halt processing of
the data.

KEY PRINCIPLES OF THE GDPR
The guiding principle of the GDPR is that
“natural persons should have control of their
own personal data.” 7

Personal Data Shall Be:
• Processed lawfully, fairly and in a transparent
manner
• Collected for specified, explicit and legitimate
purposes and not further processed in a manner
that is incompatible with those purposes
• Adequate, relevant and limited to what is
necessary in relation to the purposes for which
they are processed
• Accurate and, where necessary, kept up to date;
every reasonable step must be taken to ensure
that personal data that are inaccurate

Conditions for Consent:
• Where processing is based on consent,
the controller shall be able to demonstrate
that the data subject has consented to
processing of his or her personal data.
• The data subject shall have the right to
withdraw his or her consent at any time.

How Companies are
Complying in the U.S.
03
© SilverTech 2018

HOW COMPANIES ARE COMPLYING IN THE U.S.
Data protection is central to the Facebook Companies. We
comply with current EU data protection law, and will comply
with the GDPR. Our GDPR preparations are well underway,
supported by the largest cross-functional team in Facebook's
history. We’re also expanding our Dublin-led data protection
team which is leading on these efforts.13

Businesses who advertise with the Facebook companies can
continue to use Facebook platforms and solutions in the same
way they do today. Each company is responsible for ensuring
their own compliance with the GDPR, just as they are responsible
for compliance with the laws that apply to them today.

Google’s new ad policy, published in March 2018, seems to
attempt to switch its status from that of a data processor of
publishers’ data to a data controller which they claim will
enable it to “make unilateral decisions about how a publisher’s
data is used”. 14

An internal discussion should occur to make
sure that the relevant people in your
organization understand what EU-DGPR is
and what is needed to be in compliance.

CHANGES TO EMAIL MARKETING
‘Reengagement’ emails will have to
disclose the following:
• Why the company is contacting them
• How the company initially acquired their
personal details
• How to update communication
preferences or opt-out of further
communication
• The value that the recipient of the email
will receive for opting-in19
Image Source: Jon Baines

CHANGES TO FORMS & COOKIES
Image Source: Kentico, GDPR Compliance and Your CMS

Consider the Following:
• If requested, you need to be able to
provide a copy of any data you have
on the visitor
• If requested, you need to be able to
erase any data you have on a visitor

Consider the Following:
• An updated privacy policy
• A documented inventory of data that
you track and keep on site visitors
• A documented procedure for
furnishing a copy of the data upon
request
• A documented procedure for erasing
the data upon request

SilverTech, Inc. creates custom, integrated digital solutions that enable its clients to grow
loyal relationships with their customers. Founded in 1996 with a vision to deliver
transformational growth through innovation, creativity, and technology, New England-
based SilverTech has earned national recognition and several prestigious awards.
LEARN MORE
METRO BOSTON 196 Bridge Street, Manchester, NH 03104 Call 603.669.6600
INDIANAPOLIS 11495 N. Pennsylvania St. STE 100, Carmel, IN 46032 Call 317.805.4376
© SilverTech 2018

SOURCES/FURTHER READING
1 Kassam, A. (May, 2014) “Spain’s everyday internet warrior who cut free from Google’s tentacles” Retrieved from:
https://www.theguardian.com/technology/2014/may/13/spain-everyman-google-mario-costeja-gonzalez
2 EUR-Lex. Access to European Union Law. Retrieved from: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=consil:ST_5419_2016_INIT
3 GDPR Portal. Retrieved from: https://www.gdpr-portal.com/
4 Resinger, Sue “GDPR is Here!” Corporate Counsel. May 2018
5 Walters, T. “The GDPR Challenge for Content Management. Kentico Whitepaper. Retrieved from:
https://www.kentico.com/product/resources/whitepapers/gdpr-challenge-for-cms
6 Ibid
7 GDPR EU “Data Controllers and Processors” Retrieved from: https://www.gdpreu.org/the-regulation/key-concepts/data-controllers-and-processors/
8,9 Ibid
10 GDPR, Recital 7
11 Compliance Junction (Dec 2017) “What are the Countries Subject to GDPR Privacy Law?” https://www.compliancejunction.com/countries-subject-gdpr-
privacy-law/
12 Faitelson, Y. (Dec 2017) “Yes, The GDPR Will Affect Your U.S.-Based Business” Retrieved from:
https://www.forbes.com/sites/forbestechcouncil/2017/12/04/yes-the-gdpr-will-affect-your-u-s-based-business/#142cbbad6ff2
13 EUR-Lex. Access to European Union Law. Retrieved from: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_5419_2016_INIT&from=EN
14,15 Ibid
16 Facebook Business. “What is the General Data Protection Regulation (GDPR)?” Retrieved from: https://www.facebook.com/business/gdpr
17 Lomas, N. (May 2018) “Google Accused of using GDPR to Impose Unfair Terms on Publishers” Retrieved from: https://techcrunch.com/2018/05/01/google-
accused-of-using-gdpr-to-impose-unfair-terms-on-publishers/
18 Ibid
19 “GDPR Compliance and Your CMS. Kentico Whitepaper. Retrieved from: https://www.kentico.com/product/resources/whitepapers/gdpr-challenge-for-cms
20 Ibid
21 Manthorpe, R. (July 2017) “Wetherspoons just deleted its entire customer email database – on purpose” Retrieved from
http://www.wired.co.uk/article/wetherspoons-email-database-gdpr
22,23,24 Ibid
© SilverTech 2018

How the EU-GDPR May Affect Your Website

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à How the EU-GDPR May Affect Your Website

Similaire à How the EU-GDPR May Affect Your Website (20)

Plus de SilverTech

Plus de SilverTech (15)

Dernier

Dernier (20)

How the EU-GDPR May Affect Your Website