We are officially 11 months past the day the GDPR went into effect. Has anything changed? Are marketers continuing to comply with the new EU law? It’s a no-brainer that data is the key to marketing today, and GDPR has for sure made a huge impact on the way marketers manage their data from here on out. In fact, according to a survey by Demand Metrics and DemandBase, “nearly a quarter (22%) of marketers are unaware of the new EU guidelines”.
It is concerning that marketers are unaware of the recent changes, and that is also why we are here today. In this article, you’ll hear a few best practices on how to develop a strategy for the GDPR if you haven’t already. But first, let’s take a look at a few more stats from the 2019 Data Privacy and GDPR survey:
- Just 32% of marketers believe their companies were fully compliant with the GDPR regulations.
- 80% reported they had concerns that their companies could be exposed to legal issues due to working with marketing technology vendors that may NOT be compliant.
- Three-quarters of marketers also reported their companies planned to invest further in technology for their data privacy efforts.
Now that the GDPR is in effect, it’s been a huge learning opportunity for marketers. Buyer habits have changed since the law took effect. Customers once filled out an entire form with their information without even a blink of worry. Given the new situation with the data law, customers fear that information could fall into the wrong hands. You’ll see that fewer and fewer people fill out gated content because they do not want their data out there.
Now that GDPR has been established, businesses are trying to work around the difficulty of collecting data and, because of this hesitation, are instead trying to identify prospects much earlier in the process. The only problem is the risk of violating GDPR rules.
Yes, it’s been 11 months since GDPR went into effect, but there are still many lessons marketers must learn, like understanding the guidelines, how to obtain consent, data management and more. Let’s hear what Webbula’s Chief Security Officer, Jeremy Fox, says about how a marketer should stay compliant almost a full year into the law:
What Should Organizations Start Doing with Their Compliance System?
First, there are some simple questions that need to be answered. What personal information is being worked with, exactly? Where is it kept and how is it managed? Who is responsible for securing and managing the data?
Teamwork is Required
It is important to work with the organization’s IT team in order to create a compliance system that keeps data secure and meets the criteria set out by the GDPR. The cornerstone of the principles introduced by the GDPR is open communication between departments. By speaking up about it now, an organization may be saved any sort of reputation damage and a large fine.
So what should companies do about it then? First, they need technology in place to ensure that all processes align with the compliance system. They should ensure that the platform not only serves the need of becoming GDPR compliant but that it is flexible enough to mold to the cultural aspects and processes of the organization. Any software used should also help to meet the need of this rapid digital transformation. It should do this via the process application platforms. It also needs to address the growing need for agile regulatory response by design. Although they may sound like competitors, these two requirements are actually quite necessary.
The best way to tackle these data privacy-by-design issues is to identify the problem at hand before going about solving it. The first step in this process is to map out the organization’s business processes. That way, an understanding can be gained of where all the personal data is stored in the systems. From here, all processes handling data can be checked to ensure they are secure and GDPR compliant.
Be sure to put in place a Data Protection Impact Assessment (DPIA). This should be done for all processes that handle any personal data. If this is made mandatory, a privacy-by-design approach can be followed. The steps of a DPIA include describing the process at hand, assessing the risks involved, identifying the measures to address these risks and specifying how compliance will be demonstrated with the compliance system.
Webbula is committed to providing secure services by implementing and adhering to prescribed compliance policies, both as a data controller and processor. The GDPR enforcement is critical to our mission of providing all our global customers with safe and dependable data quality.
Since day one, Webbula has been committed to the highest possible standards when it comes to data security, safety, and responsibility. Our passion and our mission have always been, and will remain, Truth in Data – a statement that encapsulates everything we do on behalf of our customers and their data.
Our adherence to the General Data Protection Regulation (GDPR) changes is just another opportunity for Webbula to demonstrate our commitment to protecting our customers’ data security and privacy, and to empower consent in how that data is collected, recorded, and used.