Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events Digital Marketing Solutions Summit | Forum Events

Posts Tagged :

GDPR

IAB responds to EU privacy complaints

The Internet Advertising Bureau (IAB) Europe has responded to complaints filed by campaigners with Data Protection Authorities (DPA) in the UK, Ireland and Poland, which make specific reference to the IAB OpenRTB Protocol and IAB Europe Transparency and Consent Framework (TCF).

The complaints allege that programmatic advertising using real-time auctions are inherently incompatible with EU data protection law. The premise of these challenges is based on communication between IAB Europe and the European Commission, from April 2017.

At the time, these conversations were part of a dialogue around the planned implementation of GDPR and revisions to the ePrivacy Directive.

IAB Europe was asked to provide details of potential challenges that would be faced within the digital advertising ecosystem, to ensure regulations developed were appropriate for use and could be implemented without limitation across the entire value chain.

The limitations identified at that time focused on how notice and choice could be given to consumers regarding the use of their data for targeting purposes. These limitations have since been addressed by the development of the Transparency and Consent Framework and IAB Consent Management Platform (CMP) by IAB Europe.

IAB Europe says it remains engaged with the European Commission and regional DPAs on behalf of members and the broader digital advertising industry, and adds that a similar dialogue has been attempted with the instigators of the complaints.

The IAB statement read: “These claims are not only false but are intentionally damaging to the digital advertising industry and to European digital media that depend on advertising as a revenue stream.

“IAB Europe has consistently tried to outline the counter arguments and correct information, mentioned above, to the claimants. However, they have consistently chosen to ignore the facts, bringing more inaccurate information to support their case. Their errors of omission could therefore be characterised as either misrepresentations or just fabrications.”

Click here to read the full statement from IAB Europe.

Has GDPR made marketers more data conscious?

The introduction of the General Data Protection Regulation (GDPR) in May 2018 has undoubtedly disrupted inbound and digital marketing strategies.

From adding compliance overhead to the soaring cost of inbound campaigns and fear of non-compliance undermining confidence in outbound campaigns, marketers are struggling to meet revenue targets.

But GDPR has also served as a massive wake-up call: marketing teams have, finally, recognised the sheer inadequacy of existing data resources.

James Isilay, CEO, Cognism, welcomes a new generation of revenue focused, data-aware marketers who are confidently combining trusted, compliant data resources with Applied Intelligence to deliver focused, targeted outbound marketing campaigns that result in a significant revenue uplift…

Blessing in Disguise

Marketers have had six months to come to terms with the realities of a post-GDPR world, but as the dust settles it is not the fear of punitive fines that is dominating the agenda but the challenge of achieving ROI given the spiralling costs affecting every stage of the sales and marketing funnel.

From the addition of the Data Protection Officer to the sheer weight of compliance overhead now borne by marketing and the spike in PPC costs, the marketing budget has taken a massive hit. The logistics associated with meeting GDPR requirements for routine data cleansing, ensuring that contacts are registered and that any out of date records are deleted are without doubt a challenge for many companies.

Yet what has really taken many by surprise is the sheer inadequacy of existing sales and marketing databases – and the knock on implication for marketing campaigns. The fact is that approximately one-third of data degrades every year and most sales teams have been using data that is up to 60% out of date: recognising and addressing this fact alone will make GDPR a blessing in disguise for marketing teams.

Data Confidence

This new era of data awareness is, in many ways, long overdue. If companies want to maximise the value of marketing data resources, the number one priority has to be accurate and up to date information. That means ditching the spreadsheets and embracing a CRM platform to achieve better data control; and it means ensuring that any data provider is by default providing GDPR compliant data and can prove strong privacy and compliance credentials. But it also means recognising and addressing the speed with which data degrades: how is the business planning to ensure data is kept up to date, accurate and alive?

It is only when armed with a trusted, accurate, real-time and GDPR compliant data resource that a business can truly begin to transform marketing performance, and hence improve the revenue stream. Combining this trusted data resource with Applied Intelligence (AI) marketing can transform performance – from gaining more insight into customer personas to identifying purchasing triggers, and delivering highly targeted, highly effective outbound campaigns.

Global Compliance

Compliance to data privacy regulations is becoming a fundamental requirement for marketers globally – from Canadian Anti-Spam Legislation (CASL) to the diverse interpretations of GDPR throughout Europe and state-specific demands in the US – and that is great news in raising data awareness and understanding. But no marketing team is rewarded for achieving regulatory compliance: it is driving revenue from those data resources that remains the primary goal. And with the cost of inbound marketing campaigns continuing to spiral, there are very real opportunities for those companies able to combine real-time, compliant data resources with AI to deliver highly targeted, highly effective outbound marketing to drive tangible revenue uplift.

GDPR still causing small business owners problems

GDPR is still causing small business owners problems, with many admitting that they are ‘clueless’ when it comes to the do’s and don’ts of data privacy regulations.

Aon commissioned researchers to poll 1,000 small business owners and found that many have procedures in place which could result in multi-million pound fines through ignorance of the new law, brought in from 25th May 2018.

More than a quarter of those polled allow staff to use their own computers, tablets and phones for work purposes which contravene rules as personal data could be stored unencrypted at home.

One in 10 also revealed they have visitors books in their HQ – where visitors can freely see details of others who have been there previously.

Paper diaries were still used by 26 per cent of businesses – which could contain private information or customer details and be easily misplaced.

And ten per cent said the circulation of printed out sponsorship forms – which often contain names and addresses – is common at their place of work, which is another contravention of GDPR rules.

Chris Mallett, a cyber security specialist at Aon said: “As the results show, many businesses could be in breach of GDPR – most likely without even realising it.

“Visitors books, allowing staff to use their own mobiles for work purposes and even seemingly minor things like distributing sponsorship forms around the office carry risk.

“Yet these sorts of things are commonplace among businesses big and small across the UK.”

TOP 10 MOST COMMON WAYS SMALL BUSINESSES ARE, OR COULD BE BREAKING GDPR RULES:

1. Allowing staff to use their own computers, tablets or phones for work purposes – if personal data isn’t encrypted
2. Staff using papers diaries used for work purposes and containing personal information – major risk of them being misplaced or falling into the wrong hands
3. Using training materials which feature full details of real life case studies
4. Using images which feature customers to promote your business
5. Storing files which potentially contain personal data outside of a defined structure/naming system
6. Using images to promote your business which feature members of staff wearing nametags
7. Holding unencrypted CCTV footage where individuals are recognisable
8. Recording customer calls which capture customer card details
9. Visitors books where visitors can see other people’s information when signing in – such as names, company they work for, their vehicle registration number etc
10. Staff members circulating sponsorship/charity donation sheets

Complaints to the ICO ‘have doubled’ since GDPR came into force

Complaints to the Information Commissioner’s Office (ICO) about potential data breaches have more than doubled since the General Data Protection Regulation (GDPR) came into effect, according to law firm EMW.

There were 6,281 complaints between May 25 2018, when GDPR came into force, and 3 July 2018, a 160% rise from just 2,417 complaints over the same period in 2017.

EMW says that businesses should be concerned about the significant increase in complaints and the size of potential fines that can be levied under the new GDPR.

Under the new regulations the cap on each fine will be raised to £16.5 million (or 4% of worldwide turnover of the entity being fined) – 33 times more than the current maximum £500,000 fine.

Increasing numbers of individuals are making complaints over potential data breaches, including some more disgruntled consumers making several, repeated complaints. Greater media publicity and Government advertising means there is a heightened awareness of individuals’ new data rights under GDPR. There is now a greater public focus on the accountability of businesses of all sizes in handling personal data.

EMW says individuals are most likely to make complaints when their sensitive personal and financial data is at risk. The financial services sector received over 10% of all complaints (660), with businesses in the education and health sectors receiving a combined 1,112 complaints.

James Geary, EMW Principal for Commercial Contracts, said: “A huge increase in complaints is very worrying for many businesses, considering the scale of the fines that can now be imposed. There are some disgruntled consumers prepared to use the full extent of GDPR that will create a significant workload for businesses.”

“We have seen many businesses are currently struggling to manage the burden created by the GDPR, whether or not an incident even needs to be reported. The reality of implementation may have taken many businesses by surprise. For example, emails represent one of the biggest challenges for GDPR compliance as failing to respond promptly to subject access requests or right to be forgotten requests could result in a fine. The more data a business has, the harder it is to respond quickly and in the correct compliant manner.”

37% of UK businesses ‘still not GDPR compliant’

New research shows that over a third of UK business haven’t fallen in line with GDPR, while a similar amount still send marketing emails without consent.

A survey of 1,021 UK workers carried out by MarketingSignals.com, revealed 37% confess they are still not following the General Data Protection Regulation (GDPR).

When asked to elaborate on why the business wasn’t falling in line, 35% said they are still sending marketing emails without the expressed consent.

In addition:

  • 31% say they still have the data of those who haven’t agreed to opt in to having their data stored.
  • 27% say they haven’t secured the data in case of a ransomware attack.
  • 22% say they have a longer process for those choosing to opt out from receiving information.
  • 14% say their firm hides privacy choices from people
  • 17% say they are still unsure as to what the benefits of GDPR are

Gareth Hoyle, managing director at MarketingSignals.com said: “The research shows there are many ways that businesses are admitting to not following the newly enforced GDPR regulations. GDPR is the most fundamental change to ever happen to data privacy, so it is imperative that businesses follow this and complete the process as soon as possible.

“Businesses need to understand that acting responsibly and ethically with customer data is crucial to protect and enhance brand reputation and ensure customer trust. Not only this, but it will enhance the quality of data collected which is a good thing for UK businesses.”

81% of UK marketers feel ready for GDPR, but their employers may not be

GDPR awareness is at its highest level since 2016 and 81% of marketers feel prepared – although 7% say their employers still have no plan in place.

The deadline for Europe’s most significant overhaul of consumer data privacy laws is this coming Friday (May 25th) and the Digital Marketing Association (DMA) has published research that finds UK marketers’ confidence in their GDPR preparations is at an all-time high.

The report, ‘GDPR & You – Chapter 5’, found that 81% of marketers are confident in their understanding and preparedness for GDPR, having steadily grown from 49% since the DMA’s first survey in 2016.

However, one in five (20%) of marketers state that their employers are behind schedule and will not be ready to comply with GDPR by 25 May. Worse still, 7% state that their organisation do not have a plan in place for GDPR.

Although not being enforced until 25 May, the transition period for organisations to become GDPR compliant began two years ago, and the DMA says there is a growing belief that the benefits of the new regulations to consumers outweigh the disadvantages to businesses, with more than half (52%) of marketers believing this to be true.

“It is encouraging to see that GDPR awareness and preparedness is at an all-time high, with marketers increasingly optimistic about the benefits of the new legislation,” said Chris Combemale, CEO of the DMA. “GDPR is a fantastic opportunity for organisations to build consumer trust and highlight to their customers the benefits of sharing their data. Organisations should use it to build a culture within their business of putting the consumer first and improving their experience.”

68% of marketers believe their employer is either on track or ahead of schedule with GDPR compliance.

In response to the findings that one in four marketers’ (27%) believe their organisations are either behind schedule or without a plan, Combemale said: “While the Information Commissioner’s Office (ICO) has stated that they will be pragmatic before handing out penalties, these companies must show evidence that they are doing everything in their power to be ready. Otherwise they won’t just be receiving fines from the ICO; they could lose their customers’ trust and be at risk of security breaches, with the reputational damage posing a real threat to brand and share value.”

Over a quarter of marketers have received no specific training in GDPR

One of the biggest priorities for marketers and their organisations surrounding GDPR and highlighted in the report revolves around staff training – with a spike in the past six months in the percentage of marketers who feel they have received appropriate training for GDPR, up 21% from November 2017 to 54% in the latest survey.

But the DMA says it’s a concern that despite the complexities of GDPR compliance and its impact on how organisations communicate with customers, more than a quarter of marketers polled (27%) have had no specific training to date. 34% felt that more training was needed and approximately 68% believed training will help their organisation comply beyond the deadline.

Find full details on the report on the DMA website, here: https://dma.org.uk/article/gdpr-and-you-chapter-five 

Two thirds of UK firms won’t be GDPR compliant by May 25

New research says UK companies are massively ill-prepared for this week’s General Data Protection Regulation (GDPR) enforcement deadline.

Less than a third (29%) of organisations surveyed by USB drive specialist Apricorn felt confident they would comply, and when questioned further and asked whether there were any areas they might be likely to fail, 81% could think of some area of the new requirements that might cause them to fail when it comes to GDPR compliance.

Fifty per cent of organisations who know that GDPR will apply to them admit that a lack of understanding of the data they collect and process is their number one concern relating to non-compliance.

On top of this, almost four in ten (37%) believe they are most likely to fail because of gaps in employee training, and almost a quarter (23%) say their employees don’t understand the new responsibilities that come with the GDPR.

While one in ten still regard the GDPR as a mere tick box exercise, a substantial proportion do view it as being of some benefit to their organisation – for example 44% agree that the new regulation is a welcome opportunity to overhaul their organisation’s data handling and security processes.

The most commonly taken step so far, for those who say they will be at least somewhat prepared for the GDPR, is to review and update their security policies for mobile working (67%). However, 30% still worry they could fail to comply due to mobile working, and almost a quarter (22%) of respondents are concerned they may fail due to a lack of encryption.

“Data or personally identifiable information (PII) is at the heart of GDPR and mapping and securing it should be every organisation’s number one priority. By now, all employees, from the top down, should have an understanding of the importance of GDPR and the role they play in keeping this data safe,” said Jon Fielding, Managing Director, EMEA Apricorn. “While we know that many organisations have provided some form of employee training, clearly in some cases this hasn’t been effective and organisations should address these gaps urgently.”

Firms still not ready for GDPR with less than 3 weeks to go

Only 6 in 10 company directors say they are confident their organisation will be ‘fully compliant’ with new data protection laws set to come in later this month, a new survey from the Institute of Directors reveals.

The poll of 700 bosses shows many businesses remain unprepared for the changes with just three weeks to go until GDPR comes into force.

Business leaders’ confidence in their preparations has declined over the past six months as the sheer scale of the regulations has come into view. Many business leaders are also less sure about how the new rules will affect their firms, with around 40% reporting they are not confident or unsure as to how GDPR will impact their company.

In preparing for the reforms, businesses were most likely to turn to external private advisors, business membership organisations, such as the IoD, and the Information Commissioner’s Office (ICO) for guidance. The IoD has so far directly assisted over a thousand of its members, providing guidance and template policies.

The new laws predominantly impact how businesses engage with customers and clients. However, directors also report that GDPR compliance is affecting processes in HR and IT, as well as their governance practices.

“GDPR has been a long time coming for businesses, but it is only proving more formidable as the deadline looms and companies drill down into the detail. The regulator has assured small businesses that there will be not be a sudden inquisition once the rules enter into effect, but with such large penalties for non-compliance, firms must assess what they have to do to avoid falling foul of the legislation, and they must do so soon,” said Jamie Kerr, Head of External Affairs at the Institute of Directors.

“While the regulations may be burdensome, the overriding impulse amongst company directors now is simply to follow the rules. However, SMEs, who are facing a whole host of competing priorities and generally cannot rely upon dedicated compliance teams, are still finding it difficult to digest the sheer scale of the legal changes.

“The Government’s immediate priority should be to ensure the ICO has the resources it needs to make a big final push to assist small businesses in the run up to this month’s deadline”.

60% of UK businesses won’t be ready for GDPR deadline

A new report by Crowd Research Partners has revealed that only 40 per cent of organisations are either GDPR compliant or well on their way to compliance by the May 2018 deadline.

The report highlights the lack of GDPR expertise and an overall underestimation of the effort required to meet GDPR, which represents the most sweeping change in data privacy regulation in decades.

The key findings of the study include:

  • A whopping 60% of organisations are at risk of missing the GDPR deadline. Only 7% of surveyed organizations say they are in full compliance with GDPR requirements today, and 33% state they are well on their way to compliance deadline.
  • While 80% confirm GDPR is a top priority for their organization, only half say they are knowledgeable about the data privacy legislation or have deep expertise; an alarming 25% have no or only very limited knowledge of the law.
  • The primary compliance challenges are lack of expert staff (43%), closely followed by lack of budget (40%), and a limited understanding of GDPR regulations (31%). A majority of 56% expect their organization’s data governance budget to increase to deal with GDPR challenges.
  • Approximately a third of surveyed companies report that they will need to make substantial changes to data security practices and systems to be in compliance with GDPR. The highest ranked initiative for meeting EU GDPR compliance is to make an inventory of user data and map it to protected EU GDPR categories (71%), followed by evaluating, developing, and integrating solutions that enable GDPR compliance.

The 2018 GDPR Compliance Report has been based on a comprehensive online survey of IT, cybersecurity and compliance professionals in the 400,000-member Information Security Community on LinkedIn, and has been produced in partnership with Alert Logic, AlienVault, Cavirin, Data443, D3 Security, Haystax Technology, and Securonix.

To download a copy, click here.

GDPR

Average spend on GDPR compliance ‘tops $1.5 million per global organisation’

An EfficientIP X-Day study says average spend on GDPR compliance tops $1.5 million per global organisation, with less than 100 days to go before the deadline for EU GDPR compliance on 25th May this year.

EfficientIP, through independent market research firm Coleman Parkes, asked over 1,000 companies worldwide about their preparation plans for GDPR. Among the key findings were:

  • Over two-thirds of global businesses at 72% are confident they will have all required GDPR compliance processes in place by 25th May 2018.
  • North America is the most confident region in world, with American and Canadian organisations saying they will be prepared at 84% and 75% respectively.
  • Despite the on-going Brexit negotiations and uncertainty looming over the enforcement and effectiveness of the EU GDPR regulation on local businesses, the UK is the most confident nation in Europe, with 74% saying they will be ready by deadline day.
  • In comparison, Spanish businesses are a close second to the UK at 73%, dropping to 66% of French respondents. German organisations are the least confident in Europe at 61%.

Businesses worldwide believe there will be a variety of benefits they will gain from being GDPR compliant. Nearly half of all organisations surveyed, at 46%, say the most important benefit from being GDPR compliant is gaining customer trust to handle sensitive data.

31% of businesses believe the most important value from compliance is enhanced brand awareness. 18% of respondents felt GDPR compliance will increase customer loyalty is the most important benefit.

APAC, North America and Europe businesses believe the biggest positive impact from compliance is increased trust in handling customer data at 53%, 46% and 41% respectively.

European organisations lead the study in saying increased customer loyalty is the biggest impact at 22%, with North America and APAC following respectively at 15%, 14%.

On average, global organisations have so far spent $1,583,000 (£1,145,000) on GDPR compliance. Globally, European businesses have spent the most on average on compliance with Germany leading at $1,969,000 (£1,424,000), followed by the UK with $1,798,000 (£1,300,000), with France completing the top three at $1,781,000 (£1,288,000).

USA and Singapore tops regional spending in North America and APAC, investing $1,568,000 (£1,134,000) and $1,521,000 (£1,100,000) respectively on average. Small and Medium Business have spent on average $1,263,000 (£893,000) so far on compliance, whereas large businesses have spent up to $5 (£3.5) million on compliance.

A key element in EU GDPR is for businesses to provide adequate data protection. In response to this regulatory requirement, 38% of global organisations are convinced that better monitoring and analysis of DNS traffic is the best option to provide data protection in their networks, whilst 35% think securing network endpoints is best and only 21% choose to add more firewalls.

EfficientIP says this shows organisations are finally realising, after the various successful data breaches over the last year, that firewall technology is no longer adequate.

APAC, North America and European organisations are confident in DNS monitoring and analysis technology at 40%, 37% and 36% respectively.

Commenting on the study figures, Herve Dhelin, SVP Strategy at EfficientIP, said: “As organisations enter the final straight of GDPR compliance with 100 days to go, our research shows they have never been so close to regulatory compliance. There is still some work to do, but it is encouraging to see nearly three-quarters of businesses are ready and most organisations see monitoring and analysis of DNS traffic, not firewalls nor endpoints, is the best way of preventing data breaches.”