
5 important GDPR questions to ask in 2021

Jan 17, 2021 Carl Bleich 4 min read

Of all of the immensely important things your company will do in 2021, focusing on General Data Protection Regulation (GDPR) compliance should be at the top of the list.

Major companies, including Google and H&M, have received significant fines since the regulation was introduced in 2018. Google was fined $56.6 million in 2020 for data-related issues, while H&M was fined $41 million last year for violations involving the monitoring of employees.

Those are eye-catching numbers. Even if your company is not the size of Google or H&M, it can still be negatively affected by a GDPR fine.  

GDPR compliance starts with taking a hard look in the mirror and asking the right questions. Being proactive in complying with the law is a much better approach than being reactive to a data breach after seeing how much companies that were not compliant were fined in 2020.

Below are five important questions that must be asked and answered to get your company on the path to GDPR compliance in 2021.

Are you only collecting data when users accept cookies to be dropped?

All of us probably navigated to a website at some point in 2020 and were asked in a roundabout way about “accepting cookies” while we browsed.

This is because the ePrivacy Directive and previous case law require companies to obtain consent before dropping a tracker or a cookie on a visitor’s device and tracking them online.

Why? To protect internet users from irresponsible companies tracking data that they shouldn’t be. While your company is certainly not one of the irresponsible ones, it is still responsible for following the law and gaining permission from users before tracking them with cookies.

If you put users’ privacy at risk, you risk losing their trust or, in extreme cases, a monetary fine.

Do you know all of the types of customer data you are collecting? 

Having an appropriate knowledge of your company’s data flows is the key to understanding what customer data you are collecting and why you are collecting it.

There are correct ways to collect customer data, ways that are questionable, and ways that are flat-out illegal. It is in your company’s best interest to have a deep knowledge of all of the types of customer data you are collecting so that you can ensure your collection methods meet legal and ethical standards.

Data types include events. Understand that some data types may include personal data, which does not need to be kept forever. It is important to consider and communicate how long you will store personal data, and the best place to do this is your company’s privacy policy.

All in all, knowledge is power. Make sure you have all of the necessary knowledge when it comes to your data collection methods. 

Have you informed your customers about how you are processing their data?

It is essential to inform your customers in your privacy policy if you use a third-party processor, such as Exponea.

This is because in order to be compliant with GDPR, companies must take every necessary step to protect customers’ data, including the data that is shared with a third party. GDPR also sets out rules and regulations for the third party to meet in order to be compliant with the legislation.

Exponea is proud to say that it is leading the market when it comes to data security and customer privacy. Forrester recognized Exponea as one of only three vendors to receive a perfect score in the privacy & security category of the Forrester Wave: Email Marketing Service Providers report for the second quarter of 2020.

If you want more information, Exponea has an individual rights document that outlines specifically what rights your customers have and what to do when your customers make requests that are within their rights. Reviewing this document will prepare you for any such request.

Are you using SSO and/or two-factor authentication?

A user has finally typed in the password they could not remember, only to be hit with an extra step (two-factor authentication) to verify their identity.

Is this a brief point of frustration? Perhaps. But this additional step is very important to user security. Both single sign-on (SSO) and two-factor authentication are essential in protecting important applications and giving users peace of mind.

SSO gives companies full control over who has access to the application, ensuring that there are no unauthorized users who can access important information. Both SSO and two-factor authentication mitigate the risks associated with poor password management.

The slightly inconvenient extra steps to log in are well worth the extra layers of security they come with.

Are you aware of all of the advantages and disadvantages of the different types of customer data?

It seems like there are a dozen different types of customer data these days with a myriad of advantages and disadvantages associated with each.

While that isn’t exactly true, it can be very difficult to understand the differences between first-, second-, third-, and zero-party data.

Which data type is best to use for your business? Which type is most risky to use when trying to be in compliance with GDPR? Exponea has several outstanding customer data resources that will help guide you in these decision-making processes.

If you’re unsure what zero-party data is or how the different types of customer data differ, download our cheatsheet that breaks everything down in an easy-to-understand way.

Zero vs. 1st, 2nd & 3rd Party Data (Cheatsheet)

Get a practical overview of the different types of customer data + their advantages and disadvantages.


Exponea leads the way with compliance  

Exponea has developed its products with privacy and security in mind.

We have developed multiple guides to help existing customers stay in compliance with GDPR. If you’re interested in learning more about data privacy and security, Exponea Academy’s Privacy Fundamentals course is the deep dive you need to master the topic and become an expert. 

Another great tool for getting compliance right in 2021 is the Savvy Marketer’s Checklist for GDPR & Compliance. Compiled by Exponea’s experts, this checklist covers several of the aforementioned topics but dives deeper into cookies and consent, data health and safety, and more. It is the perfect tool to generate discussion amongst your team members on how to handle complex privacy or security issues.

Are you still waiting to get your first look at Exponea’s Customer Data & Experience Platform? Schedule a demo today to see Exponea in action and learn how we can help your company compile data and be in compliance with the law.

Savvy Marketers' Checklist for GDPR & Compliance

Savvy marketers are always prepared for anything, including GDPR & Compliance. Are you?

meet the author
Carl Bleich
Content Marketing Manager
Carl works with Exponea experts to produce valuable, customer-centric content. A trusted expert with over 15 years of experience, Carl loves exploring unique ways to turn problems into solutions in the martech space.  
