A viewpoint from Ann Kennedy, Chief Product Officer of ShareThis
GDPR is Coming. Are You Ready For a New Era of Compliance?
The impending arrival of the General Data Protection Regulation (GDPR) from the European Union means that companies have to take consumer privacy more seriously than ever before.
But there's a problem. According to one recent survey of 500 cyber security professionals in the UK, Germany, France, and the US, a whopping 57 percent are concerned about compliance. That suggests many companies are still struggling to get prepared.
To retain consumers' trust at a time when privacy is top of mind and confusion surrounding the use of data in the online ecosystem is high, brands must take a tactical approach to communicating their position. They'll need to offer options that put their customers first. NAI membership and the adoption of self-regulatory principles lay the groundwork. To successfully navigate the new era of data protection, though, every company must adhere to new data collection and usage best practices.
With that in mind, here are three strategies from ShareThis for thriving in a post-GDPR world.
When dealing with consumer privacy, transparency is critical. Organizations must describe their relationship with customer data in as much detail as possible, and in simple terms that consumers can fully grasp. The impetus for GDPR was to give consumers more control over their personal data, so you'll need to explain what you're doing to comply with data protection legislation.
When updating our own privacy disclosures, conveying transparency and consumer-friendly content was paramount for ShareThis -- particularly since we were recently TAG certified against fraud. We made an effort to avoid industry and legal jargon, break down information into manageable parts, and associate each section of our disclosure with a visual icon for easy navigation.
In addition to clearly presenting your stance on privacy, joining the NAI is a great way to ensure you're doing everything you can to comply. Because self-regulatory organizations (SROs) are designed and dedicated to upholding consumer privacy and composed of members rather than regulators, they can help websites and advertising companies prioritize transparency in the long term. This unique positioning means SROs are well placed to draft robust and consumer-friendly regulations that keep pace with technology, without restricting innovation. By partnering with them, you can put yourself ahead of the game.
Craft a Privacy Notice That Leaves No Stone Unturned
What does a strong privacy notice look like? Among other things, it should provide an overview of:
- The type and categories of data you collect, and who you collect it from
- The purpose for your data collection practices, including how and why you use consumer data
- Who has access to the data you collect, and the life cycle of that data (meaning how long it's available to you)
- How and where the data is stored
- What you're doing to safeguard customer data in order to protect against theft and fraud
- Contact information that consumers can refer to should they have a question or complaint about your policy
Finally, be sure to put some thought into how you design your privacy notice. Don't fall victim to the "info dump." We recommend instead that companies offer simplified, topline content and hyperlink to additional information. This presents page visitors with the most important information up front and allows them to dig deeper for as much additional content as they need.
Adopt a Privacy by Design Framework
A concise privacy notice is key -- but that isn't where your commitment to GDPR should end. Moving forward, it's the companies that consider consumer privacy in all aspects of their work that will fare best.
A guiding principle for ShareThis is Privacy by Design, a method of engineering that considers privacy throughout the design process, not as an add-on. For example, implement technical measures in a way that protects privacy and maximizes data protection right from the start by considering users' preferences. Ensure that personal data is always processed in a way that respects consumers' privacy, and limit the number of departments that have access to your customers' personal data.
There are big changes coming -- but make some changes of your own, and you'll be ready for this new era of compliance. For more information on ShareThis visit our website.
The views and opinions expressed in this blog are those of the authors and do not necessarily reflect those of the Network Advertising Initiative and/or any other contributor to this site.