3. 0.35%
is the average display ad
click-through rate
38%
of US online adults have
installed an ad blocker
THE AGE OF THE CONSUMER
Source: Forrester Data Consumer Technographics, Q1 2017
50%
of US online adults actively
avoid ads on websites
47%
of US online adults actively
avoid mobile in-app ads
4. 1990
2000
2010
2015
WEBSITE
SERVER CALL LOG FILES
SERVER
WEBSITESERVER JAVASCRIPT ANALYTICS
ANALYTICS
TAG MANAGEMENT
ANALYTICS
WEBSITE
SERVER JAVASCRIPT MARKETING
ANALYTICS
SERVER
JAVASCRIPT
MARKETING
TAG MANAGEMENT
2018
OMNI-CHANNEL
ANALYTICS
A/B TEST
WEBSITE ANALYTICS
SERVER
JAVASCRIPT
MARKETING
TAG MANAGEMENT
OMNI-CHANNEL
ANALYTICS
A/B TEST DWHAPP
WEBSITE
! DIGITAL DATA OPERATIONS HAVE
GROWN IN SIZE & COMPLEXITY
8. ‘personal data’ means any information relating to an
identified or identifiable natural person (‘data subject’);
an identifiable natural person is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number, location data, an online identifier …
… or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person;
10. AUTHORITY ENFORCEMENT
Rectification or deletion of data
Order to bring the data operations into compliance with the GDPR
Reprimand
Least intrusive measure where data processing infringed GDPR provisions
Ban on data processing
Temporary or definitive limitation or ban on processing personal data
Fines
With a maximum of twenty million Euros or four percent of the global annual turnover, whichever is greater
MEASURES
12. AWARENESS
The GDPR will have serious impact and all stakeholders and decision
makers must be made aware to set things in motion.
DATA PROCESSING REGISTER
Start building a Data Processing Register and document all (personal) data
processed within your Data Infrastructure.
1 2
13. 3 4
TRANSPARENCY
Use you Data Processing Register to update you privacy statement with all
data processing and explain the legitimate basis for the data processing.
DATA REQUESTS
Review if your organization is equipped to handle the rights of the subject.
Start early, they propose a serious challenge for nearly all tools, systems
and non-digital (dark) data.
14. 5 6
LEGITIMACY
Assess all personal data processing and document the legal basis for
every operation; legal obligation, legitimate interest, explicit consent, etc.
CONSENT
Review and document the ways you ask, receive and registrate consent. As a
result you should be able to demonstrate that the data subject has given consent.
15. 7 8
DATA BREACHES
Make sure the processes and responsibilities are clear and everything is
in place to swiftly and correctly mitigate data breaches
DATA PROTECTION BY DESIGN
Get familiar with the principles of data protection by design,
by default, and privacy impact assessments
16. 9 10
DATA PROTECTION OFFICER
Appoint a Data Protection Officer, who will be responsible to uphold the GDPR
within the organization and also acts a representative towards the authorities
CONTRACTS
Review all contracts and data processing agreements your organisation has
with it’s processors and sub-processors and what amendments are required.