Taking the Fear Out of GDPR
•Télécharger en tant que PPTX, PDF•
0 j'aime•114 vues
Understand what GDPR is and how it affects US companies. - Take the 3-Question Test to see if it really applies to you - Follow a 4-part framework for updating your privacy policy - Learn why your CRM may be a problem - Get a full checklist on how to become compliant today
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Taking the Fear Out of GDPR
Similaire à Taking the Fear Out of GDPR (20)
Dernier
Dernier (20)
Taking the Fear Out of GDPR
- 1. Taking the Fear Out of GDPR - What It Means for US Companies Nate Stockard President – Blue Atlas Marketing
- 2. Started: May 25, 2018 When? Unified rules for all EU countries What? GDPR Definition GDPR European Union General Data Protection Regulation
- 3. Protection Protect personal data & strengthen privacy rights of EU individuals Control Give users control over their data Goals of EU’s General Data Protection Regulation GOALS
- 4. Protection • Lawfulness, Fairness, and Transparency • Purpose Limitation • Data Minimization Principles of EU’s General Data Protection Regulation Control • Accuracy • Storage Limitation • Integrity and Confidentiality • Accountability (as controller) PRINCIPLES
- 5. Stakeholders of GDPR An individual person, resident of European Union countries, the subject of the personal data. Data Subject Subject (company, institution…) processing a data on behalf of the controller e.g. Google, Facebook, CRM app… Data Processor Person appointed by the Data Controller responsible for overseeing data protection practices. Data Protection Officer Public institution monitoring implementation of the regulations in the specific EU member country. Data Authority Institution, business or a person processing the personal data e.g. e-commerce website. Data Controller
- 6. Who is affected by GDPR? All businesses collecting or holding personal data on EU citizens. No matter where they reside!
- 7. 3 Question Test – Does GDPR Apply To You? Do you offer goods or services to someone who lives in Europe? Even U.S.-based, but offer goods/ services to EU resident… 1 Does your company use predictive analytics or other “monitoring” of individuals in your marketing? EU Residents could fall within your data, resulting in compliance needs… 2 Does your company have any U.S. citizen expats living abroad? The regulation applies to your company if your company employs people living in the EU. 3
- 8. Name Address Phone Bank / Credit cards Email address IP address Cookies Online identifiers Data to identify someone PersonalData Biometric data Genetic data Health data Sex life, sexual orientation The List Goes On! SensitiveData Types of Personal & Private Data
- 9. GDPR – Individual User Point of View For individual: must be ensured Getting consent to process personal data Right to be forgotten Right to modify personal data Transparency - right for get information what data are collected, how data are going to be used (where stored, who will have access) Can request data in portable format
- 10. GDPR – Regulator Point of View For Regulators: have the ability to Ask for records Processing and Proof of Compliance Impose temporary bans, data notifications, or order erasure of data Suspend cross-border data flows Enforce penalties and fines
- 11. Breaking GDPR Penalties & Fines If your data is breached: GDPR FINES You must report it within 72 hours OR Face a fine up to 20M € or 4% global turnover
- 12. GDPR – Is There A US Equivalent Coming? Chairman of Information Technology Subcommittee says could be possibility with changes (Rep. Will Hurd R-TX) White House Says Looking Forward to Working With Congress on Data Privacy Issues California Passes AB375 in 2018 -> Mirrors GDPR
- 13. What Do We Do About It? -Why Does This Matter To Marketers?
- 14. Data Collection – Think About It Differently You have to ask for permission: No more checked boxes User must Opt-in (and Double Opt-in to be safe) Only ask for pertinent data for this step Transparency - Terms & Conditions, Privacy Policy, GDPR FAQ Data Storage that can be accessed by Officer
- 15. Form Example
- 16. GDPR – Company (Data Controller) View Controller - Company processing data of EU users Check Data Processors Appointing DPO = Data Protection Officer Audit data usage (what is collected, where stored…) Monitoring data breach 72 hours to report data breach
- 17. Update Your Privacy Policy If/How your use cookies and social media data Remarketing, pixels, etc. 1 How data is obtained, where you got it, third-party usage Who has access, where is shared, and so on 2 Storage timeframe How long you store it, for what purpose 3 Opt-in, opt-out, and no obligation How do they opt-out, they aren’t obligated to opt-in 4
- 18. Review your CRM Your CRM has to do more: Record how/when data was captured Duration to be kept on file (or process to clean) Any criteria used to purchase the list Easy Export for Data Protection Officer
- 19. Rebuild the database and have them opt-in again. Offer something in return to get them to opt-in again for your marketing Re-Opt-In Communication Use all communication channels to share your updates and compliance actions. Multiple Channels Explain the actions taken and effective dates of the changes Effective Dates Include the updated privacy policy or pertinent documentation to help the user understand their rights and what you are doing to be compliant Distribute the Privacy Policy
- 20. Online Tools & Apps related to GDPR Mail collection & Mailing • Double opt-ins • Agreement boxes not pre-checked • Clear data consent & usage statement • Unsubscribe option Cookie Control Banner • Use WordPress and other plugins Privacy Policies • Consult with lawyer • Buy Templates GDPR Tools & Applications Data Processors (e.g. CRM, Cloud storage) • See Their GDPR statements & features
- 21. GDPR Checklist Privacy and Security • Update Privacy Policy and share across multiple platforms • Confirm SSL encryption is in place • Establish a data breach plan of action Technical • Make changes to web form, data collection activities • Update your CRM with additional tracking and info • Ensure customer opt-outs are expiring according to schedule • Ensure cookies and pixels are disclosed in Privacy Policy and online • Talk to subject-matter experts about data safety and protection in place General • Reach out to an attorney • Communicate with your contacts • Designate your company’s data protection officer (DPO) • Cooperate with Information Commissioner’s Office should they reach out • Establish a team accountable for web, social, email, and marketing updates
- 22. What Next? 1) Download Guide at blueatlasmarketing.com/GDPR 2) Reach out to Nate with specific questions and information needed: nate@blueatlasmarketing.com, TW:@blueatlastweet, FB:/blueatlasmarketing 3) Get Compliant!!