The GDPR turned from a threat to a reality at the stroke of midnight in European Union (EU) countries today — and for many businesses with an online presence, the results aren’t pretty.
Many high-profile websites, including the Chicago Tribune and the LA Times, were suddenly unavailable to readers in the EU.
Happy GDPR day. Let me just log on to read some new- pic.twitter.com/wgF5pq8FPE
— Mark Di Stefano 🤙🏻 (@MarkDiStef) May 25, 2018
And privacy activists have already Facebook, Google, Instagram, and WhatsApp of breaching provisions of the GDPR.
— Chris Foxx (@thisisFoxx) May 25, 2018
GDPR Reinvents Data Protection
The General Data Protection Regulation (GDPR) — the EU’s new legal framework for data protection — creates sweeping changes in privacy protections. The rules aim to protect all EU citizens from privacy and data breaches and create a clearer and more consistent framework for digital businesses.
The legislation went into effect today, bursting the illusions of procrastinators who have shrugged off compliance for more than two years. The regulation was adopted on April 14, 2016.
It looks like all Tronc newspapers like the LA Times and Chicago Tribune are GDPR non-compliant, so all traffic from Europe is hitting this wall pic.twitter.com/vTuy902DZv
— Jon Passantino (@passantino) May 25, 2018
Pinterest-owned Instapaper, a read-it-later service that lets users ‘clip’ articles and pages, had to temporarily shut down its service in Europe because it failed to adopt compliant data protection rules.
— TechRadar (@techradar) May 25, 2018
About the GDPR
The GDPR fundamentally changes how data is used, protected, and controlled — and forces marketers to rethink how they communicate with consumers. It shifts the balance of power to consumers by expanding their rights to modify, delete, and receive copies of the data an organization holds on them.
The law protects personal data and regulates the processing and transfer of personal data by data controllers — an entity who determines the purposes, conditions, and means of the processing of personal data — and data processors — those who process personal data on behalf of data controllers.
The General Data Protection Regulation “will impact every website, brand and digital ad technology company that touches even one consumer across the Atlantic,” Ad Age’s Garett Sloane wrote recently.
But only a fraction of websites are fully GDPR compliant, according to a survey from business analytics leader SAS.
Less than half (46 percent) of the global organizations surveyed expected to be compliant by the time the GDPR went into effect today. Among surveyed U.S.-based organizations just 30 percent expected to meet the deadline. In the EU, 53 percent expected to meet the deadline.
Is Your Site Accessible in the EU?
The first thing companies should do today is check whether their site is still accessible in the EU. Even if it is, tread lightly. Continue to check your site once a week for the coming week as the implementation period is likely to take several months.
And in the meantime, make sure you have a structured plan in process to comply with GDPR. Make sure you:
- Determine all sources of personal identifying information (PII) and personal sensitive information (PSI)
- Know where this data is located, why is it stored, and how long is it kept
- Map your system data
- Be clear who has access to your PII and PSI
- Encrypt your data
- Test and document your security
- Document and discuss the location of your servers with your legal team
- Make sure you have the right technology solutions to ensure compliance
Arke Offers GDPR Help
For the past several weeks, Arke CEO and Co-Founder Eric Stoll has discussed the practical application of the GDPR.
His articles are designed for those who use marketing technology platforms for websites, marketing automation, and customer relationship management (CRM).
You can review the insights here: