How the EU-GDPR May Affect Your Website

SilverTech
May 18, 2018

  1. How the EU-GDPR May Affect Your Website © SilverTech 2018 Note: This webinar does not constitute legal advice or guidance PRESENTED BY
  2. OUR GDPR EXPERTS Derek Barka Chief Technical Officer SilverTech As the Chief Technology Officer at SilverTech, Derek leads the team that helps businesses create profitable relationships throughout the entire customer lifecycle. Paul Creme VP & General Counsel SilverTech With over 30 years of experience practicing law, Paul utilizes his extensive legal knowledge as SilverTech’s Vice President, General Counsel.
  3. Founded in 1996. 100+ Crew Members. 500+ Active Projects.
  4. Our Work We believe in the Three C’s: Clients, Crew, Company. CMS: Content Management Systems. MA: Marketing Automation & Journey Management. CRM: Salesforce. PARTNERS. TECHNOLOGY. SEAMLESS INTEGRATIONS. SHARING DATA.
  5. Agenda 1. Intro to the EU-GDPR 2. GDPR Glossary of Terms & Key Principles 3. How Companies are Complying in the U.S. 4. Q&A
  6. Intro to the EU-GDPR 01
  7. INTRO TO THE EU-GDPR The European Union General Data Protection Regulation (“EU-GDPR”) or GDPR was approved in April 2016 and becomes effective on May 25th, 2018.
  8. INTRO TO THE EU-GDPR The purpose of the GDPR is to “harmonize data privacy laws across Europe, to protect and empower all European Union (EU) citizens data privacy, and to reshape the way organizations across the region approach data privacy.”
  9. INTRO TO THE EU-GDPR Failure to comply could cost companies $25 million or 4% of global annual revenue, whichever is greater.
  10. INTRO TO THE EU-GDPR The stated goal of the GDPR is “to curb marketing’s insatiable appetite for data and put consumers back in control of how and when their personal data is collected, used, shared, and ‘monetized.’” 2
  11. GDPR Glossary of Terms & Key Principles 02
  12. GDPR GLOSSARY Breaches Under the EU-GDPR, notice of a breach is mandatory and must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach. Conditions for Consent The conditions for consent have been strengthened, as companies will no longer be able to use long illegible terms and conditions full of legalese. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it. Explicit consent is required only for processing sensitive personal data – in this context, nothing short of “opt in.”
  13. GDPR GLOSSARY Data Controller From Article 4 of the GDPR: ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.4 Data Processor ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.5 Data Subject The natural person(s) or individuals covered and protected by the EU-GDPR.
  14. GDPR GLOSSARY Data Portability GDPR introduces the concept of data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided, in a ‘commonly used and machine-readable format’ and to transmit that data to another controller. Data Protection Officers Your company will be required to maintain internal records and appoint a Data Protection Officer (“DPO”) if one of your company’s core activities consists of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offenses.
  15. GDPR GLOSSARY Right to Access Each person covered has the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. Right to be Forgotten Each covered person has the right to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
  16. KEY PRINCIPLES OF THE GDPR The guiding principle of the GDPR is that “natural persons should have control of their own personal data.” 7
  17. COUNTRIES COVERED BY GDPR
  18. Personal Data Shall Be: • Processed lawfully, fairly and in a transparent manner • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate
  19. Conditions for Consent: • Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. • The data subject shall have the right to withdraw his or her consent at any time.
  20. How Companies are Complying in the U.S. 03
  21. HOW COMPANIES ARE COMPLYING IN THE U.S. Data protection is central to the Facebook Companies. We comply with current EU data protection law, and will comply with the GDPR. Our GDPR preparations are well underway, supported by the largest cross-functional team in Facebook's history. We’re also expanding our Dublin-led data protection team which is leading on these efforts.13
  22. HOW COMPANIES ARE COMPLYING IN THE U.S. Businesses who advertise with the Facebook companies can continue to use Facebook platforms and solutions in the same way they do today. Each company is responsible for ensuring their own compliance with the GDPR, just as they are responsible for compliance with the laws that apply to them today.
  23. HOW COMPANIES ARE COMPLYING IN THE U.S. Google’s new ad policy, published in March 2018, seems to attempt to switch its status from that of a data processor of publishers’ data to a data controller which they claim will enable it to “make unilateral decisions about how a publisher’s data is used”. 14
  24. HOW COMPANIES ARE COMPLYING IN THE U.S. An internal discussion should occur to make sure that the relevant people in your organization understand what the EU-GDPR is and what is needed to be in compliance.
  25. CHANGES TO EMAIL MARKETING ‘Reengagement’ emails will have to disclose the following: • Why the company is contacting them • How the company initially acquired their personal details • How to update communication preferences or opt-out of further communication • The value that the recipient of the email will receive for opting-in19 Image Source: Jon Baines
  26. CHANGES TO FORMS & COOKIES Image Source: Kentico, GDPR Compliance and Your CMS
  27. Consider the Following: • If requested, you need to be able to provide a copy of any data you have on the visitor • If requested, you need to be able to erase any data you have on a visitor
  28. Consider the Following: • An updated privacy policy • A documented inventory of data that you track and keep on site visitors • A documented procedure for furnishing a copy of the data upon request • A documented procedure for erasing the data upon request
  29. Q&A 04
  30. SilverTech, Inc. creates custom, integrated digital solutions that enable its clients to grow loyal relationships with their customers. Founded in 1996 with a vision to deliver transformational growth through innovation, creativity, and technology, New England-based SilverTech has earned national recognition and several prestigious awards. LEARN MORE METRO BOSTON 196 Bridge Street, Manchester, NH 03104 Call 603.669.6600 INDIANAPOLIS 11495 N. Pennsylvania St. STE 100, Carmel, IN 46032 Call 317.805.4376
  31. SOURCES/FURTHER READING 1 Kassam, A. (May, 2014) “Spain’s everyday internet warrior who cut free from Google’s tentacles” Retrieved from: https://www.theguardian.com/technology/2014/may/13/spain-everyman-google-mario-costeja-gonzalez 2 EUR-Lex. Access to European Union Law. Retrieved from: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=consil:ST_5419_2016_INIT 3 GDPR Portal. Retrieved from: https://www.gdpr-portal.com/ 4 Resinger, Sue “GDPR is Here!” Corporate Counsel. May 2018 5 Walters, T. “The GDPR Challenge for Content Management.” Kentico Whitepaper. Retrieved from: https://www.kentico.com/product/resources/whitepapers/gdpr-challenge-for-cms 6 Ibid 7 GDPR EU “Data Controllers and Processors” Retrieved from: https://www.gdpreu.org/the-regulation/key-concepts/data-controllers-and-processors/ 8,9 Ibid 10 GDPR, Recital 7 11 Compliance Junction (Dec 2017) “What are the Countries Subject to GDPR Privacy Law?” https://www.compliancejunction.com/countries-subject-gdpr-privacy-law/ 12 Faitelson, Y. (Dec 2017) “Yes, The GDPR Will Affect Your U.S.-Based Business” Retrieved from: https://www.forbes.com/sites/forbestechcouncil/2017/12/04/yes-the-gdpr-will-affect-your-u-s-based-business/#142cbbad6ff2 13 EUR-Lex. Access to European Union Law. Retrieved from: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_5419_2016_INIT&from=EN 14,15 Ibid 16 Facebook Business. “What is the General Data Protection Regulation (GDPR)?” Retrieved from: https://www.facebook.com/business/gdpr 17 Lomas, N. (May 2018) “Google Accused of using GDPR to Impose Unfair Terms on Publishers” Retrieved from: https://techcrunch.com/2018/05/01/google-accused-of-using-gdpr-to-impose-unfair-terms-on-publishers/ 18 Ibid 19 “GDPR Compliance and Your CMS.” Kentico Whitepaper. Retrieved from: https://www.kentico.com/product/resources/whitepapers/gdpr-challenge-for-cms 20 Ibid 21 Manthorpe, R. (July 2017) “Wetherspoons just deleted its entire customer email database – on purpose” Retrieved from http://www.wired.co.uk/article/wetherspoons-email-database-gdpr 22,23,24 Ibid