The General Data Protection Regulation (GDPR) affects all organisations that do business within the European Union or process any kind of personal data that belongs to European citizens. Complying with the GDPR rules should not be underestimated, as it takes a lot of time and effort from each department within an organisation. The complexity has to do with, among other things, the differences between the preferences, processes and permissions of all departments. But taking the next steps is necessary to prevent any type of fines and, even more important, to preserve customers' trust.
The marketing department
The risk for the marketing department lies in the complexity of the data it collects and in the possibility that this data is used for purposes a user didn’t approve. The cookie request for overall marketing purposes that is used by most companies at the moment does not meet the requirements of the regulation. The GDPR provides a much-needed, updated definition of consent, defining it as: “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” This means companies need to specify the purposes for which they collect data, and the marketing department can only use the collected data for those purposes.
The right of the users
Before an organisation can collect any kind of information about a visitor, it needs to ask for consent. And as the GDPR states, each individual has the right to change their preferred setting at any time. Organisations should adapt to this by implementing privacy by design principles in their processes. One of the biggest concerns is that a lot of companies use Google Analytics (GA). GA will gather the data of the users before they can decline anything, and the result is that a company is not compliant before the regulatory authorities even check its other processes. With a solution such as our consent manager, individuals can change their preferred settings at any time. This way the user does not only think they have control over their settings, they actually do. Every time an individual changes a setting in the consent manager, the change takes effect instantly.
The influence of the DPO
According to the GDPR, many companies are required to appoint a DPO and to provide the DPO's name and contact details. The most important role of the DPO is managing the data streams that take place within the company and controlling the data agreements with third parties. When there is a need for a new connection between a data source (of any kind) and a destination, it has to be requested from the DPO of the organisation. First, the DPO checks the purpose and assesses whether it is legally permitted. After that, the DPO informs the requester whether the data stream is approved or not. The Datastream portal makes it possible for the DPO to control all the data streams that exist within a company and its trusted parties. It also gives the DPO insight into which data is collected, what settings the user chose and for what purposes the user gave opt-in.
The complexity of technology
Luckily, Datastreams.io understands the complexity of technology and that it might be difficult for companies to make data streams between systems compliant and to deal with the different roles of sources and destinations. The complexity of technology is not the only burden: adapting all processes to the GDPR also demands a lot of effort from the IT department. This is why Datastreams.io provides a GDPR-compliant solution that only requires a Single Line Of Code, the SLOC. It is not designed to replace any kind of technology or tool an organisation currently has, but it is meant to provide the controller portal for the DPO and to provide secure, privacy-by-design transport between internal and external systems. Why not start today?