The General Data Protection Regulation (GDPR) comes into effect this Friday, and many people are curious about enforcement, as the European Union and its member states take privacy and data protection quite seriously. However, there have been a limited number of enforcement actions to date. Meanwhile, tech companies across the globe are working to ensure their operations comply with its stipulations.
Originally passed in 2016, the GDPR's main objective is to give internet users more control over their data and privacy. Mark Zuckerberg, CEO of Facebook, will also be in Europe to discuss the new law with regulators. To offer more insight into the new law, we list a 5-step preparation checklist:
- Appointing a GDPR lead or team to review data handling: Under the new law, Constellation has recommended that CMOs appoint an individual or team to handle data in the firm's marketing function. The primary marketing data lead should work closely with the data governance team and the DPO to review and approve marketing campaigns. A detailed review of current mailing lists and of data collection and handling procedures must also be carried out.
- Managing contacts and leads in the database: Organisations should consider sending all active contacts a new request to verify their email address. Contacts should also renew their consent to receive email, mobile in-app, phone or direct mail communication. The firm should also create a communications preference center, a central web destination where customers can opt in or out of subscriptions such as promotional newsletters or notification emails about deals or discounts.
- Action required while collecting personal data: Under the new norms, organisations will be required to provide clear consent wording in non-legalese language, allowing the person to give unambiguous consent. If a company collects personal data via a web form, Constellation recommends that it clearly post where the information will be used. Parental consent will be required for collecting or processing the personal data of children under the age of 16.
- Redesigning the data breach plan: Organisations will be required to report a data breach within 72 hours of the breach. Constellation advises CMOs to put a proactive data breach action plan in place as a precaution.