GDPR Summary: What Every Digital Marketer Needs to Know About the New Regulations
There are a few lines around here, but surely I don’t look old enough to have been practicing law for 20 years, but I am a data protection lawyer, and that’s what GDPR is all about. What GDPR does is it really brings our data protection laws up to date with what’s going on with data. The last data protection laws that we had in Europe are 20 years old, and if you think about the differences in what we’re doing with data now and what we did 20 years ago, there’s a huge chasm and difference between what we could do then and what we can do now, so it’s only right that the law catches up with the reality of our data processing. That’s really what GDPR is all about, making sure that you’ve got a lawful ground of processing the personal data and bearing in mind these principles. Even within industries, there’s If you get a reputation within, say, the digital marketing industry or within the coaching industry or within the expert industry or whatever else, as the protection of personal data becomes more of a cultural norm, if you are the anomaly, then you’re going to start to lose customers.
One new legal document that you will definitely need is a new privacy notice that you are going to be giving to your prospects whenever you’re collecting their data. Probably, it’s not new, but the most important thing, and what’s come out of my Facebook group is how little people actually know about this and how little people focus on it, is the security aspect of data. If you’re dealing with sensitive data, special category data, things like data consisting of racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health data, things like that. You’ve got all these different scales of people who are processors, but essentially, they are processing our data, our lists of data under our instruction. It’s mandatory to have an agreement between the data controller and the data processor that sets out these, it’s about eight things that the GDPR says you have to have in there.
What you need to do first off is understand what is personal data and what’s not, so I’ve covered that on this call, so hopefully you know now. You need to redo your privacy notice, and again, that’s why it’s so key that you really get a good view on that data inventory of all the data that you hold and what the purpose is and what your lawful ground is, because all of that goes into your privacy notice, and if you get that wrong, and there are complaints later on, then you’re storing up problems for yourself.
Google Cloud: Ready for GDPR
Over a year ago, we wrote about our commitment to GDPR compliance across G Suite and Google Cloud Platform. Google Cloud’s focus on data security, privacy, and transparency provided a strong foundation towards achieving that commitment, and we’ve made multiple updates to ensure that Google Cloud customers can confidently use our services when the GDPR takes effect on May 25. Google Cloud generally acts as a data processor, and as a data processor we process data only as instructed by you, our customers. In turn, you own your data, and Google Cloud is committed to advancing tools and resources that put you in control. More than six months ago, well in advance of the GDPR coming into effect, we made important updates to our data processing terms for G Suite and Google Cloud Platform designed to directly address GDPR requirements.
These contractual updates clearly articulate our privacy commitments to customers, and are fundamental to GDPR compliance for both Google and our Cloud customers. If you haven’t already, you can opt in to the new terms by following the instructions for G Suite and for Google Cloud Platform. G Suite and Google Cloud Platform have provided contractual commitments to customers around incident notification for many years, and our updated terms reflect the notification timelines for processors put forth in Article 33 of the GDPR. With hundreds of Google engineers across the globe dedicated to security, Google Cloud has invested and will continue to invest in threat detection, prevention, and incident response capabilities. Google Cloud provides solutions that can help organizations keep their sensitive data confidential, available, and resilient.
We regularly test, assess, and evaluate the effectiveness of our technical and organizational security and privacy measures via third-party audits and certifications for G Suite and Google Cloud Platform. These certifications, as well as other third-party audits such as SOC1, SOC2, and SOC3, cover numerous services within Google Cloud. We provide GDPR-related documentation, white papers, videos, and other useful information for customers on our GDPR Resource Center, and will provide presentations, workshops, and opportunities for customers to engage directly with our compliance team in our global Cloud Summit and Cloud Next events throughout the year.