Commentary

The GDPR's Big Bang: Confusion Spreads As Deadline Looms

GDPR is like a meteorite hurtling toward earth. We know it’s coming. Are we ready?

Most of us aren’t, and there is growing confusion over just what readiness means, judging by these news items:

  • Only 5% of EU members are fully prepared for GDPR, according to a study by Alert Logic. Of 200 European companies polled, only 27% were confident they would be ready by May 2018.
  • That follows a poll by Marsh, showing that 8% are already complying.
  • Page Fair found that “only 5% of consumers would opt-in and allow the same level of tracking that exists today,” Drum columnist Samuel Scott said in a speech. “Another 20% would accept only first-party tracking.” Scott predicted “widescale PR campaigns from Google and Facebook stating that GDPR will actually be bad for both marketers and consumers.”
  • A European Parliament Committee has approved the EU’s revised ePrivacy directive. But the telecom industry opposes it because it “both overlaps and at times contradicts” the GDPR, and creates “further discrepancies” with it, according to an article in Telecompaper.

Finally, most absurdly, 30% of UK business leaders have never even heard of GDPR, according to Info Security. 

Don’t expect clarity from all of this.

But don’t despair — there is a plethora of new products designed to help firms comply with GDPR (part of the growing business known as RegTech). For example:

ForgeRock has come out with something called the Privacy and Profile Management Dashboard. When deployed, it allows consumers to manage their own personal data and to exercise the following rights: the right of access, the right to be informed, the right of rectification, the right to withdraw consent at any time, and the right of erasure (the right to be forgotten), the company says.

TrustArc is offering a new solution called Data Flow Manager, a data inventory and mapping tool that “builds and visualizes business process data flows to dramatically simplify the steps companies must take in order to produce the controls and reports needed to comply with GDPR and other privacy regulations,” the company says. It was announced this week during the IAPP Privacy. Security. Risk. 2017 conference. 

Opus has launched its Third Party GDPR Compliance solution. It helps users identify third parties that “scope the appropriate controls for each third party,” send relevant questionnaires to those parties, automatically map to specific controls, and recommend and track remedies when a control is not met, Opus says.

The Media Trust has launched the Digital Vendor Risk Management service. It automates website and mobile app tracking, and resolves compliance issues, the firm says. In addition, The Media Trust will certify vendors who agree to fix their web and app codes to comply with the GDPR.

There are doubtless many more. We apologize for those omissions, and will post updates as time rolls on. Finally, here are some tips for U.S. firms, from EJ McGowan, general manager of Campaigner at j2 Global, as published in MarTech:

  1. Make subscribing clear — Offer benefits like coupons and news, and provide a secondary statement and checkbox on how you plan to use data.
  2. Use clear and concise language — Let consumers know how their information will be used. And get additional consent if you plan to provide your email list to other brands.
  3. Keep your email systems secure with cyber security protocols — Your technology must be able to remove data on consumers on request. “To meet these new requirements for marketers, use a system that allows finding, editing and removing email contacts to be done quickly and easily,” McGowan writes.
