What is the GDPR, its requirements and deadlines?
The General Data Protection Regulation is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply. According to the RSA Data Privacy & Security Report, for which RSA surveyed 7,500 consumers in France, Germany, Italy, the UK and the U.S., 80 percent of consumers said lost banking and financial data is a top concern. An alarming statistic for companies that deal with consumer data is the 62 percent of the respondents to the RSA report who say they would blame the company for their lost data in the event of a breach, not the hacker. Web data such as location, IP address, cookie data and RFID tags. Fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data.
The GDPR defines several roles that are responsible for ensuring compliance: data controller, data processor and the data protection officer. The data controller defines how personal data is processed and the purposes for which it is processed. Data processors may be the internal groups that maintain and process personal data records or any outsourcing firm that performs all or part of those activities. The GDPR requires the controller and the processor to designate a DPO to oversee data security strategy and GDPR compliance. Companies are required to have a DPO if they process or store large amounts of EU citizen data, process or store special personal data, regularly monitor data subjects, or are a public authority.
The GDPR places equal liability on data controllers and data processors. Before you can define responsibilities, you must know exactly what data you have, where and how it is processed, and the data flows.
How GDPR Impacts Marketers: What You Need to Know
In this article, you’ll find a plain-language overview of GDPR, how it could impact your data collection, and what you need to do to make sure you’re compliant before May 25, 2018. A non-EU-based business must comply with the GDPR if it collects or processes personal data of any EU resident. GDPR may require significant changes in how a company discloses and obtains consent to collect personal data. Explain why the entity wants the data and what it will do with the data. Individuals have a right to access their data, which means the right to know where, why, and how their data is processed.
Under GDPR, a company may not collect personal data of anyone under 16 without parental consent. For many social media marketers, there are many questions about whether compliance is necessary for companies outside of the EU. However, non-EU companies must comply with GDPR if: 1) they collect or process personal data of any EU resident, or 2) the company’s activities relate to offering goods or services to EU citizens, regardless of whether payment is required. Any non-EU-based business must comply with the GDPR if it collects or processes personal data. After you’ve determined what personal information you collect or process, obtain explicit consent, described above, for each reason you collect such data.
If you still aren’t sure exactly what personal data you may be collecting, here are a few examples that are common for social media marketers, along with some tips on how to stay compliant for each. If you have ads on your website from a third-party ad server, upon entering your site, users should immediately consent to your use of a third-party server that collects user data for advertising and marketing purposes. GDPR Personal Data Reports: generates a personal data report for users invoking their Right of Access.
What the GDPR Means to Social Media Marketers
That’s the penalty for failing to comply with the General Data Protection Regulation, the EU’s new data privacy law. So if you are a business with customers in the EU, the GDPR will be applicable to you when you are handling personal data of your EU customers. Greater trust: Your customers will know what data of theirs is collected and how it will be used. Improved marketing experience: With stricter regulation on the use of personal data for marketing and advertising, consumers will likely have a better experience while surfing the internet. More privacy: Businesses are required to collect and process only personal data that are necessary for each specific purpose and implement measures to protect personal data.
More security of their personal data: With stricter rules on collection and processing of personal data, there would likely be fewer data breaches such as the recent incidents. This is because most organic social media activities such as posting content and engaging fans do not collect personal data from people who view or engage with it. You would not want to export or scrape contact details from your social media followers or groups as that is personal data. Under the GDPR, if you want to use your customers’ data or track their behavior for advertising, you must obtain the legal basis to do so. You have to state what data will be collected and how it will be used.
Several social media advertising features use customer data that you upload, collect personal data, or track behavior on your site. There have also been some changes to lead form ads on Facebook and LinkedIn to help you stay compliant with the GDPR. As you would be collecting data through lead forms, you’ll need to state how the data will be processed and establish a legal basis for processing the data.