What Google’s GDPR Compliance Efforts Mean for Your Data: Two Urgent Actions
Posted by willcritchlow
It should be quite obvious for anyone that knows me that I’m not a lawyer, and therefore that what follows is not legal advice. For anyone who doesn’t know me: I’m not a lawyer, I’m certainly not your lawyer, and what follows is definitely not legal advice.
With that out of the way, I wanted to give you some bits of information that might feed into your GDPR planning, as they come up more from the marketing side than the pure legal interpretation of your obligations and responsibilities under this new legislation. While most legal departments will be considering the direct impacts of the GDPR on their own operations, many might miss the impacts that other companies’ (namely, in this case, Google’s) compliance actions have on your data.
But I might be getting a bit ahead of myself: it’s quite possible that not all of you know what the GDPR is, and why or whether you should care. If you do know what it is, and you just want to get to my opinions, go ahead and skip down the page.
What is the GDPR?
The tweet-length version is that the GDPR (General Data Protection Regulation) is new EU legislation covering data protection and privacy for EU citizens, and it applies to all companies offering goods or services to people in the EU.
Even if you aren’t based in the EU, it applies to your company if you have customers who are, and it has teeth (fines of up to the greater of 4% of global revenue or EUR20m). It comes into force on May 25. You have probably heard about it through the myriad organizations who put you on their email list without asking and are now emailing you to “opt back in.”
In most companies, it will not fall to the marketing team to research everything that has to change and achieve compliance, though it is worth getting up to speed with at least the high-level outline and in particular its requirements around informed consent, which is:
“…any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
As always, when laws are made about new technology, there are many questions to be resolved, and indeed, jokes to be made:
Can you recommend a GDPR expert?
-yes
Can I have their email address?
-no
— Adam Cleevely (@ACleevely) May 2, 2019
But my post today isn’t about what you should do to get compliant — that’s specific to your circumstances — and a ton has been written about this already:
- I’ve found value in the content Ometria has produced on this front, e.g. 6 things e-commerce marketers should know about GDPR and their deeper GDPR guide (registration required)
- If you work in the area, this GDPR impact on social post from Buffer will get you up to speed there
- And …read more
Source:: Moz Blog