Of all of the immensely important things your company will do in 2021, focusing on General Data Protection Regulation (GDPR) compliance should be at the top of the list.
Major companies, including Google and H&M, have received significant fines since the regulation was introduced in 2018. Google was fined $56.6 million in 2020 for data-related issues, while H&M was fined $41 million last year for violations involving the monitoring of employees.
Those are eye-catching numbers. Even if your company is not the size of Google or H&M, it can still be negatively affected by a GDPR fine.
GDPR compliance starts with taking a hard look in the mirror and asking the right questions. Being proactive in complying with the law is a much better approach than being reactive to a data breach after seeing how much companies that were not compliant were fined in 2020.
Below are five important questions that must be asked and answered to get your company on the path to GDPR compliance in 2021.
Are you only collecting data when users accept cookies to be dropped?
All of us probably navigated to a website at some point in 2020 and were asked in a roundabout way about “accepting cookies” while we browsed.
This is because the ePrivacy Directive and previous case law require companies to obtain consent before dropping a tracker or a cookie on a visitor’s device and tracking that visitor online.
Why? To protect internet users from irresponsible companies tracking data that they shouldn’t be. While your company is certainly not one of the irresponsible ones, it is still responsible for following the law and gaining permission from users before tracking them with cookies.
If you put users’ privacy at risk, you risk losing their trust or, in extreme cases, a monetary fine.
Do you know all of the types of customer data you are collecting?
Having an appropriate knowledge of your company’s data flows is the key to understanding what customer data you are collecting and why you are collecting it.
There are correct ways to collect customer data, there are questionable ways, and there are ways that are flat-out illegal. It is in your company’s best interest to have a deep knowledge of all of the types of customer data you are collecting so that you can ensure your collection methods meet legal and ethical standards.
All in all, knowledge is power. Make sure you have all of the necessary knowledge when it comes to your data collection methods.
Have you informed your customers about how you are processing their data?
This is because in order to be compliant with GDPR, companies must take every necessary step to protect customers’ data, including the data that is shared with a third party. GDPR also sets out rules and regulations for the third party to meet in order to be compliant with the legislation.
Exponea is proud to say that it is leading the market when it comes to data security and customer privacy. Forrester recognized Exponea as one of only three vendors to receive a perfect score in the privacy & security category of the Forrester Wave: Email Marketing Service Providers Report in the second quarter of 2020.
If you want more information, Exponea has an individual rights document that outlines specifically what rights your customers have and what to do when your customers make requests that are within their rights. Reviewing this document will make you prepared for any such request.
Are you using SSO and/or two-factor authentication?
A user has finally typed in the password that could not be remembered, only to be hit with an extra step (two-factor authentication) to verify identity.
Is this a brief point of frustration? Perhaps. But this additional step is very important to user security. Both single sign-on (SSO) and two-factor authentication are essential in protecting important applications and giving users peace of mind.
SSO gives companies full control over who has access to the application, ensuring that there are no unauthorized users who can access important information. Both SSO and two-factor authentication prevent the risks associated with poor password management.
The slightly inconvenient extra steps to log in are well worth the extra layers of security they come with.
Are you aware of all of the advantages and disadvantages of the different types of customer data?
It seems like there are a dozen different types of customer data these days with a myriad of advantages and disadvantages associated with each.
While that isn’t exactly true, it can be very difficult to understand the differences between first, second, third, and zero party data.
Which data type is best to use for your business? Which type is most risky to use when trying to be in compliance with GDPR? Exponea has several outstanding customer data resources that will help guide you in these decision-making processes.
If you’re unsure of what zero party data is or how the different types of customer data differ, download our cheatsheet that breaks everything down in an easy-to-understand way.
Zero vs. 1st, 2nd & 3rd Party Data (Cheatsheet)
Get a practical overview of the different types of customer data + their advantages and disadvantages.
Exponea leads the way with compliance
Exponea has developed its products with privacy and security in mind.
We have developed multiple guides to help existing customers stay in compliance with GDPR and offer a “GDPR Best Practices” course through the Exponea Academy. Our customers’ security and data privacy are a top priority.
Another great tool for getting compliance right in 2021 is the Savvy Marketer’s Checklist for GDPR & Compliance. Compiled by Exponea’s experts, this checklist covers several of the aforementioned topics but dives deeper into cookies and consent, data health and safety, and more. It is the perfect tool to generate discussion amongst your team members on how to handle complex privacy or security issues.
Are you still waiting to get your first look at Exponea’s Customer Data & Experience Platform? Schedule a demo today to see Exponea in action and learn how we can help your company compile data and be in compliance with the law.
Savvy Marketers' Checklist for GDPR & Compliance
Savvy marketers are always prepared for anything, including GDPR & Compliance. Are you?