The regulation increases the level of control EEA citizens and residents have over their personal data in the new digital age and presents a more unified environment for international business across Europe. The Regulation impacts any business that receives, processes, stores or transfers personal data of EEA-based individuals, regardless of its location. Personal data is defined broadly and typically includes information relating to an individual such as name, email, location, online identifier, IP address, home address etc. New rights are given to individual data subjects concerning the personal data being stored, including the right to prior notification of what data is being used for, how it will be processed and when it will be deleted. As a result, most businesses dealing with the European market have had to review and update their data practices and privacy policies.
BlueSnap & the GDPR
BlueSnap has been focused on completing its General Data Protection Regulation compliance efforts. To enable BlueSnap merchants to continue accepting orders from individuals based in the European Economic Area from that date onwards, the GDPR compels us to put into effect a Data Protection agreement containing mandatory provisions for all merchants wherever they are based. We therefore issued a Data Protection Addendum effective for BlueSnap and all merchants as from 25th May 2018. Review the new Data Protection Addendum here: https://home.
To cover the aspect of data transfer from the European Economic Area to the US, BlueSnap has been certified on Privacy Shield since Q3 2016. We also added certification under the Swiss-US Privacy Shield scheme in 2017 and are currently finalizing updated data processing agreements with relevant parties involved in the processing, receipt, and storage of personal data. We strongly advise merchants that receive shopper details from EEA-based individuals to take immediate steps to ensure their own data management practices are in compliance with the GDPR, and that other third-party services used in addition to BlueSnap are also compliant.
‘Everyone is breaking the law right now’: GDPR compliance efforts are falling short
The arrival of the General Data Protection Regulation a month ago led to a flurry of activity, clogging email inboxes and flooding people with tracking consent notices. Experts say much of that activity was for show because much of it fails to render companies compliant with GDPR. Part of the issue, experts say, is that the vague regulation has been interpreted in wildly different ways. GDPR consent-request messages vary wildly across sites. There are default pre-ticked opt-ins, buried options that require users to hunt for them, consent banners with information only available at a further click but no button to reject, and implied consent approaches.
Others have simply reskinned cookie-banner messages required under the existing ePrivacy directive. After a tumultuous few weeks following the law’s arrival on May 25, in which programmatic ad volumes plummeted mostly as a result of Google’s last-minute GDPR policy changes, programmatic spending is returning to pre-GDPR levels. GDPR has been criticized for being vague and open to interpretation, which is what led to such disparate consent-gaining methods. Publishers across Europe are divided between those that have taken softer legitimate interest-based approaches or opt-out methods to claim compliance, and those that have gone the harder consent-based route that requires people to opt in. Bloomberg and Forbes appear to be taking strict active consent approaches, while others like the Guardian and MailOnline are running consent banners.
Several publishers have divided explainers on their cookie use into those used for advertising and tracking, and those used for site analytics – though users aren’t always able to pick one and reject the other; in many cases, it’s all or nothing. Others are simply hoping to stay under the radar until they have figured out how to be compliant in a way that doesn’t damage the business model. Publishers went on a soul-searching mission when ad blocking reached crisis levels in 2017.
80 Percent of Companies Still Not GDPR-Compliant
Several weeks after the deadline for General Data Protection Regulation compliance, the vast majority of companies are either still working on it or have yet to begin the process. That’s according to the latest research from TrustArc, which surveyed 600 IT and legal professionals responsible for privacy at companies required to meet GDPR compliance in the United States, the United Kingdom and the European Union – one month following the May 25 deadline. Only one in five companies surveyed believes it is GDPR compliant, while 53 percent are in the implementation phase and 27 percent have not yet started their implementation. EU companies, excluding the U.K., are further along, with 27 percent reporting they are compliant, versus 12 percent in the U.S. and 21 percent in the U.K.
While many companies have significant work to do, nearly three in four expect to be compliant by the end of this year and 93 percent by the end of 2019. While many companies still have a long way to go, a comparison to August 2017. About one in four companies spent more than $500,000 to become GDPR-compliant, while one in three plan to spend that amount on compliance efforts between June and December 2018. Percent of U.S. companies spent more than $1 million on compliance vs. 10 percent for U.K. and 7 percent for EU companies.
Despite difficulties in becoming GDPR-compliant, 65 percent view GDPR as having a positive impact on their business, while 15 percent view the regulation as having a negative impact. Meeting customer expectations was the main driver to become compliant, much higher than concern for fines. The complexity of GDPR posed the biggest challenge to compliance. The vast majority said data privacy will become more important at their companies post-GDPR deadline, and 80 percent of companies plan to increase their spending on GDPR technology and tools to maintain compliance.