Can you believe it’s already the end of May—and the European Union’s General Data Protection Regulation (GDPR) is already in effect?
That’s right: GDPR went into effect last Thursday and within minutes, activist groups had issued complaints against their biggest targets, including Google and Facebook. If you are NOT Google or Facebook, the swift response doesn’t mean you are also going to be hit with complaints instantly…but you also can’t count on the current tech-giant focus to protect you.
Know the rules, use the tools
The fact is, many companies have struggled to figure out how to comply with the new regulation. A mere month before the deadline, Crowd Research Partners estimated that only 40 percent of organizations would be compliant or close to it by May 25. Efforts were hampered by two key factors: limited understanding of the law and underestimation of how much time and effort it takes to comply.
Because of those factors, many companies may be in a state of panic—which doesn’t help the situation. What does help is having a partner who understands both GDPR and your business, as well as the tools to adapt your website and systems to comply with the rules.
Plan your approach with our GDPR eBook
Then, let us know if you need assistance completing your GDPR compliance process.
Common GDPR struggles
For example, an initial decision that our clients needed to make was how to handle compliance and privacy with their contacts (prospects and customers) across the globe. They have a choice: treat ALL contacts as EU residents, or identify a contact’s current location (via IP lookup and questions in forms) and apply GDPR rules just for EU contacts. You can choose either option based on what’s best for your business and how you want to manage contact data.
Much has been written about the benefits of GDPR and how applying consent rules across the globe in the same manner will help you to home in on just those contacts who really want to have a relationship with you, allowing you to shrink prospect lists to only highly qualified leads. However, for a U.S.-based business with a majority sales focus in the Americas, it can be a hard pill to swallow to stop utilizing large, engaged prospect lists—even though you might not have a clear consent signal from them.
This is one example of the numerous decisions that organizations will find difficult to reconcile without guidance. But once you've made those essential choices, you can begin the more pragmatic and methodical process of making your data compliant and putting processes in place to manage privacy requests.
Charting a path to success
After the initial decisions were made, we helped our clients identify key project components and also ran consent request campaigns to encourage prospects to give the companies permission to stay in touch. It was a long road, but we were able to successfully re-launch compliant websites by the GDPR deadline.
Some of the key attributes to consider when developing a GDPR response will include understanding:
The size of your current contact databases
Who is in the databases
Whether you really need the data you've collected
How well your databases are connected
How easy it is to facilitate a data privacy request
Which business processes feed and manage your databases
What techniques are used to track website users
What forms on your websites collect personal information
Where consent statements should be added
How to best update your privacy policies
The right CMS can make GDPR easier
Fortunately for our clients, the Kentico platform provides built-in functionality that lets us facilitate whichever privacy management approach our clients deem appropriate. Kentico’s highly customizable GDPR tools enable you to collect and track consents right down to the specific features that have been used within the website to collect data on your contacts.
Then it helps to facilitate right to access, data portability, and right to be forgotten requests—all from a single solution. Kentico’s Data Protection solution is highly customizable to help you comply with even the strictest GDPR and PII data protection regulations—and, most importantly, help you build a stronger relationship with contacts while avoiding unpleasant fines.
Get traction quickly to demonstrate compliance
The key is to tackle the compliance process in stages. When you break down the areas of compliance into more manageable steps, you reduce the likelihood of missing major requirements—and you increase the probability that you will actually complete your GDPR compliance project.