The GDPR is Just Around the Corner. Is Your Business Ready?
What is the GDPR?
So, let’s start with the basics. What is the GDPR? The General Data Protection Regulation (GDPR), is a new EU privacy bill designed to protect data subjects that takes effect on May 25th 2018.
The bill can’t be introduced soon enough. The data privacy issues it is tackling far precede Thursday’s Twitter password bug affecting 336 million accounts and the ongoing Facebook scandal, which is just the most recent and high profile in a tragically long history of data breaches. In fact, the problems the bill is addressing have reached a critical point. In the approximately 5 minutes it takes you to read this article, 17,400 data records will be lost or stolen, which translates to millions of compromised records every single day.
The purpose of the GDPR is to standardize protocols to guarantee that companies keep their clients’ personal data secure. This includes all types of identifying information, such as name, email, IP, financial or medical data.
The bill asserts a user’s rightful ownership of the information that relates to them and states that in the interests of transparency companies must make an electronic, portable copy available free of charge. They must also secure the data through the construction and maintenance of systems and digital infrastructure that safeguards data subjects’ privacy, informing them of any breach that occurs, within three days. They must also obtain user-consent for the use of their data and offer them the opportunity to have their personal information deleted or prevent third parties from processing it.
Non-compliance with the bill can have serious financial repercussions, including fines as high as 4% of the company’s global revenue for the previous year, or €20 million, whichever is greater.
Will the GDPR Affect My Business?
All businesses located inside the EU will be affected, as well as any that offer products and services to, or hold the personal data of EU citizens.
Do you have a website with traffic from the European Union? If so you will need to make your company’s security measures and transparency standards compliant with GDPR requirements.
What Can I Do to Prepare?
- Examine the information you currently hold on your users.
What data do you keep on your servers and how important to your business is the specific data you are collecting. Does it all have to be kept or can you minimize the personal information you store without negatively impacting your bottom line?
2. Review your protocols for storing user data.
Where and how do you store your data, who has access to it? What length of time do you hold on to a user’s personal information and how strict are your security measures for protecting it?
3. Upgrade your security
Start by improving your systems, through advanced encryption, multi-layered authentication, strong passwords that are mandatorily changed every 3 months, routine penetration testing to shore up your network, strict permissions determining who has access to users’ personal information, and data wiping protocols to delete sensitive data in the case of theft for all portable devices.
Other vital measures include tightened on-site security from office cameras to biometric security, and staff training on how to be vigilant against hacks, loss and other types of data breach.
How Can I Track User Activity and Still Comply with the GDPR?
Since the GDPR requires explicit user consent for the monitoring of their online activity, this will prevent you using marketing tags to collect user data behind the scenes. Users will be able to decide whether to be tracked by cookies when they browse a site, severely impacting the analytics that so many companies rely on to target their marketing, such as AdWords CPM and CTR.
Implement a strict company policy for how to audit and monitor tags, establish a strong tag architecture that complies with the GDPR, and set protocols that enable you to oversee the collection of data and effectively track tag performance. It is also essential to thoroughly examine which 3rd parties are loading on your site and to set alerts to identify non-compliance issues in real time, so they can be dealt with quickly and effectively.
How Can I Turn the GDPR to My Advantage?
The demands imposed by the GDPR are formidable. Online companies must abide by regulations requiring user consent and transparency, as well as accountability for the privacy, security and availability of user data. Also, with a ticking clock on compliance may businesses may be feeling overwhelmed and underprepared. However, there are data management platforms out there that will shoulder much of the burden and help businesses gain user consent and maximize revenues with quality, targeted marketing.
One such organization is Liberdy, which runs the Data Foundation, a non-profit decentralized platform that protects users’ data rights. The Foundation anonymizes data and ensures a fair advertising marketplace that places control in the hands of data subjects and pays them for the use of their personal information. All the data is stored on the blockchain, ensuring transparency, security and privacy. An equal-access resource, the Foundation is open source, and is controlled and owned by its community.
Look, there’s no way around it. You still need to gain consent from your users, but you can offer them a much more attractive proposition to incentivize them to sign up and agree to the use of their data. The Foundation’s anonymous single sign on widget safeguards user privacy, while providing businesses with a fresh consent-based revenue stream.
Users join the platform to benefit from the opportunity to be paid by advertisers for the use of their de-personalized personal information, and to choose exactly which data they share and with whom, while businesses benefit from verified, accurate first-hand data and new commercial partnerships. All platform users can get premium services and subscriptions in return for consent for the use of their data giving you access to a whole new pool of potential users.
The Data Foundation also stores the user data for you, in full compliance with the standards set by the bill, managing its security with airtight blockchain encryption.
Whether you choose to take advantage of an initiative like the Liberdy Data Foundation or decide to independently manage the transition to GDPR compliance, get prepared now because in just a couple of weeks the online economy is going to change irrevocably and time’s running out.
The Liberdy platform is set to launch in 2018. To learn more about the company, email us at info@liberdy.io, or join our communities, so you can get the latest updates.
