William Yates 9 May 2016

GDPR: Do You Know What Data Protection Breaches Could Cost You?

With the EU General Data Protection Regulation (GDPR) coming into force Europe-wide in 2018, it seems that many enterprises in the EU still do not understand the new law and the far-reaching changes to data processing needed to comply with it.

While 2018 may seem like light-years away and GDPR looks like some distant inconvenience, there are two very distinct issues to bear in mind.

Firstly, there are current data privacy laws in place, such as the UK Data Protection Act 1998 (DPA 1998), which is beginning to be enforced more rigorously now as the authorities start to turn their attention to the introduction of GDPR.

Secondly, while DPA 1998 non-compliance can also lead to very heavy fines, many people are still unaware of the large financial impact these existing non-compliance penalties carry, let alone the reputational damage that will follow.

If this is the case now with DPA 1998, GDPR will have a massive impact on the unaware and non-compliant as the requirement for compliance will go way beyond where we are now, to affect nearly every department in a business, so the dangers of short-termism loom large.

The need to prepare now

The main issue is that because many people in the business community don’t fully understand data privacy and data protection law, many basic rules are often overlooked and that can mean trouble.

Sending personal data by email, exporting data to places like the US without the proper regulatory safeguards in place, and leaving hard copy client contact data lying around all constitute violations and can attract financial penalties. But what a lot of people don’t realise is where the responsibility for data security rests.

Data Controller v Data Processor

Where a company uses its own data for marketing purposes, as a client-side marketer, you are the data owner – legally a ‘Data Controller’ – of any data in possession of your company or your digital marketing agency.

And while your digital marketing agency is the ‘Data Processor’, and this sub-contractor is subject to some liability in the event of loss, theft, or data hack, it is you, the Data Controller, who will be the primary entity in the event of a breach, and the entity receiving the fine.

And GDPR fines are heavy: up to €20,000,000 or, in the case of an enterprise, 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

Emerging risks

In this highly connected world, data is front-and-centre of everything we do in the marketing business today. This means data is now a valuable commodity, and the issues around sending personal data by email or exporting data to places not covered by EU-recognised data protection laws are now only a small part of the equation.

Physical theft is a growing reality, and malicious data theft or destruction has been seen, so your understanding of your agency’s digital, physical and data control becomes critical to your own employer’s security.

Review your agency and stay safe

Understanding your digital marketing agency’s data security and control systems, how they are arranged, how they are implemented and how effective they are is critical. Here are typical areas you need to be aware of:

  • access control: who is authorised to see your company’s personal data?
  • disclosure control: who is authorised to transmit data?
  • input control: who is trained (and how) on entering information?
  • job control: who manages data and how are they trained to process it?
  • availability control: how do they prevent destruction?

Understanding this is now vital to your corporate compliance. These are not only big questions but complex ones: people come and go in digital agency life, so the sands can be ever-shifting, making your control of the situation tricky.

Agency ISO certification and collaboration

I said at the beginning of this post that GDPR will affect practically all areas of your enterprise due to the prevalence of data in business. This means that today, you need to select the right kind of agency with the right kind of people, plus ISO 9001 and ISO 27001 certification, as this will offer you optimum security in two ways.

Firstly, with ISO 9001 and ISO 27001, you know you have the right kind of agency and, secondly, if that agency will collaborate with you and train all relevant personnel within your enterprise to optimise all departmental data security, then you have the right people, too.

But this is a two-way street: while finding an ISO 27001 certified digital agency will require commitment, getting them to commit to you to collaborate in this way will require longer-term involvement, so contractual commitment will also be a wise consideration.
