GDPR in the Digital World
Download as PPTX, PDF0 likes185 views
The document discusses the importance of GDPR compliance for websites and outlines key requirements for organizations to meet the regulation. It highlights the challenges companies face, such as unclear roles and responsibilities and difficulties in locating personal data. The Siteimprove plugin is presented as a tool to help organizations gain control and insights necessary for GDPR compliance.
GDPR in the Digital World
- 1. Act With Digital Certainty
- 2. GDPR in the Digital World Learn how to use the Siteimprove plugin to support your GDPR compliance process. eZ Conference 6th June, 2018
- 3. Partner Manager Nadia A. Kosak Nicolai Munch Andersen Technical Product Expert
- 4. Siteimprove – By The Numbers 7000+ Customers 29 Countries 49.6M Checked Pages 69K Active Users 530 Employees 40+ Nationalities 10 Offices
- 5. 173
- 6. GDPR. Is your website compliant?
- 7. Clear consent required to collect and process data Easier access to personal data More and clearer information about data processing ‘Right to be forgotten’ - right to rectify and remove data Stricter safeguards for transfers of personal data outside the EU Right to get notified if data is compromised Fines of up to €20M or 4% of Global Annual Turnover A Marketer’s Nightmare? A Consumer’s Dream. Global reach & immediate effect New mindset & work approach required The GDPR Challenge A New Data Regulation to Protect EU Citizens’ Privacy
- 8. 3 out of 4 European companies are not GDPR compliant today 52% of companies believe they will be fined for non-compliance The State of GDPR Readiness It’s still a long way for many organizations and the clock is ticking
- 9. Key Website Requirements of GDPR May 25 has passed, do you comply ? #1: Completeness Organizations need to audit all digital assets that can contain personal data without exceptions #2: Overview & Control Organizations need to have an overview of all personal data collected and processed on their websites #3: Responsive Capacity Organizations need to be able to modify and erase personal data upon request and without undue delays #4: Documentation Organizations need to be able to show and prove their GDPR compliance efforts to relevant authorities
- 10. Personal Data Inventory Cookie Reporting Universal Search GDPR Policies Domain & IP Map Siteimprov e GDPR Siteimprove GDPR Get the control and insights you need to protect personal data and work towards privacy compliance
- 11. Personal Data Inventory Cookie Reporting Universal Search GDPR Policies Domain & IP Map Siteimprove GDPR Siteimprove GDPR Get the control and insights you need to protect personal data and work towards privacy compliance
- 13. Exclusive Demo of the Siteimprove Plugin in the eZ System
- 14. GDPR challenges companies are currently facing 14 Unclear roles and responsibilities Many requirements Locating personal data is a massive task Unawareness of publicly exposed data Uncertainty on how to document compliance
- 15. GDPR challenges companies are currently facing 15 Unclear roles and responsibilities Many requirements Locating personal data is a massive task Unawareness of publicly exposed data Uncertainty on how to document compliance
Editor's Notes
- #6: https://mashable.com/2018/05/23/google-trends-gdpr-beyonce/?europe=true#v_UZb2WutmqV
- #8: As they say: One man’s meat is another man’s poison. While GDPR brings significant improvements and benefits for European consumers, there are challenges marketers and website owners will be facing. On the plus side, we have a clearly improved legal framework that protects consumer’s personal data. From May 25, 2018 on, companies need to get a clear consent to collect and process someone’s data. More and better information needs to be available in general with regards to what happens with the data and consumers are also granted easier access to their personal data that has been collected about them. People also have a ‘right to be forgotten’ which means that their data has to be removed, i.e. from the employee section of a website, per request. Furthermore there are stricter regulations when it comes to moving personal data from the EU to another region – of course – with the goal to avoid data misuse. In case something actually goes wrong, people also have the right to be notified if data has been compromised. Failure to do so, may result in fines for the organization and compensation for the respective person who’s data has been compromised. Those are just some of the new regulations that GDPR will introduce. For marketers this means that they really need to reconsider the way the handle personal data. And what’s most interesting: The EU regulation applies to all organizations that handle European citizen data – no matter where they are located. This means that companies in North and South America, Africa, and Asia need to comply with GDPR just as their European counterparts. Non-compliance can result in fines of up to 20M Euros or 4% of Global Annual Turnover, whichever is larger.
- #9: May 25 is less than 2 months away – so where are companies in their preparation? Data suggests there is still lots of work to do - only 26% of European companies are GDPR compliant today and every second company expects to be fined for non compliance with GDPR. But there is still time to turn the situation around. A good starting point is the company’s website for which certain requirements need to be fulfilled (see next slide that focuses of some of the key ones)
- #10: 4 key requirements of GDPR regarding your website are listed above: Besides being aware of all digital assets (websites), companies need to be able to show which data they collect and store (also which data 3rd parties collect, store, and process, i.e. through cookies). Requirement #3 relates to the right to be forgotten and the ability to quickly react on such a request. And of course there is a requirement to document and show your compliance efforts in case you’re approached by authorities.
- #11: Animation slide
- #12: November 9, 2017 Siteimprove GDPR solution was launched to give organizations insight and control of they can become GDPR compliant.
- #15: Many requirements: This regulation brings many new requirements that affect different teams and departments. Locating personal data is a massive task: Companies are expected to have the ability to search for personal data in case an EU citizen’s decides to exercise the right to be forgotten. Unawareness of publicly exposed data: Anyone with a website can easily turn something private be publicly available, however, companies often have many web pages and it’s a challenge to keep an overview of all data living in those sites. Unclear roles and responsibilities: The GDPR compliance process is a company-wide project. It requires a cross-departmental effort, and companies are struggling to clearly define roles, tasks, and responsibilities. Uncertainty on how to document compliance: GDPR compliance is not a one-off effort; companies must document their risk mitigation strategies on a continuous basis.
- #16: Many requirements: This regulation brings many new requirements that affect different teams and departments. Locating personal data is a massive task: Companies are expected to have the ability to search for personal data in case an EU citizen’s decides to exercise the right to be forgotten. Unawareness of publicly exposed data: Anyone with a website can easily turn something private be publicly available, however, companies often have many web pages and it’s a challenge to keep an overview of all data living in those sites. Unclear roles and responsibilities: The GDPR compliance process is a company-wide project. It requires a cross-departmental effort, and companies are struggling to clearly define roles, tasks, and responsibilities. Uncertainty on how to document compliance: GDPR compliance is not a one-off effort; companies must document their risk mitigation strategies on a continuous basis.