William Yates 9 May 2016

GDPR: Do You Know What Data Protection Breaches Could Cost You?

With the EU General Data Protection Regulation (GDPR) coming into force Europe-wide in 2018, it seems that many enterprises in the EU still do not understand the new law and the far-reaching changes to data processing needed to comply with it.

While 2018 may seem like light-years away and GDPR looks like some distant inconvenience, there are two very distinct issues to bear in mind.

Firstly, there are current data privacy laws in place, such as the UK Data Protection Act 1998 (DPA 1998), which are beginning to be enforced more rigorously now as the authorities start to turn their attention to the introduction of GDPR.

Secondly, while DPA 1998 non-compliance can also lead to very heavy fines, many people are still unaware of the large financial impact these existing non-compliance penalties carry, let alone the reputational damage that will follow.

If this is the case now with DPA 1998, GDPR will have a massive impact on the unaware and non-compliant: the requirement for compliance will go way beyond where we are now and affect nearly every department in a business, so the dangers of short-termism loom large.

The need to prepare now

The main issue is that because many people in the business community don’t fully understand data privacy and data protection law, many basic rules are often overlooked and that can mean trouble.

Sending personal data by email, exporting data to places like the US without the proper regulatory safeguards in place, and leaving hard-copy client contact data lying around all constitute violations and can attract financial penalties. But what a lot of people don’t realise is where the responsibility for data security rests.

Data Controller v Data Processor

Where a company uses its own data for marketing purposes, you, as a client-side marketer, are the data owner – legally a ‘Data Controller’ – of any data in the possession of your company or your digital marketing agency.

And while your digital marketing agency is the ‘Data Processor’, and this sub-contractor is subject to some liability in the event of loss, theft, or data hack, it is you, the Data Controller, who will be the primary entity in the event of a breach, and the entity receiving the fine.

And GDPR fines are heavy: up to €20,000,000 or, in the case of an enterprise, 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

Emerging risks

In this highly connected world, data is front-and-centre of everything we do in the marketing business today. This means data is now a valuable commodity, and the issues around sending personal data by email or exporting data to places not covered by EU-recognised data protection laws are now only a small part of the equation.

Physical theft is a growing reality, and malicious data theft or destruction has been seen, so your understanding of your agency’s digital, physical and data control becomes critical to your own employer’s security.

Review your agency and stay safe

Understanding your digital marketing agency’s data security and control systems, how they are arranged, how they are implemented and how effective they are is critical. Here are typical areas you need to be aware of:

  • access control: who is authorised to see your company’s personal data?
  • disclosure control: who is authorised to transmit data?
  • input control: who is trained (and how) on entering information?
  • job control: who manages data and how are they trained to process it?
  • availability control: how do they prevent destruction?

Understanding this is now vital to your corporate compliance. These are not only big questions but complex ones: people come and go in digital agency life, so the sands can be ever-shifting, making your control of the situation tricky.

Agency ISO certification and collaboration

I said at the beginning of this post that GDPR will affect practically all areas of your enterprise due to the prevalence of data in business. This means that today, you need to select the right kind of agency with the right kind of people, plus ISO 9001 and ISO 27001 certification, as this will offer you optimum security in two ways.

Firstly, with ISO 9001 and ISO 27001, you know you have the right kind of agency and, secondly, if that agency will collaborate with you and train all relevant personnel within your enterprise to optimise all departmental data security, then you have the right people, too.

But this is a two-way street: while finding an ISO 27001-certified digital agency will require commitment, getting them to commit to collaborating with you in this way will require longer-term involvement, so contractual commitment will also be a wise consideration.
