William Yates 9 May 2016

GDPR: Do You Know What Data Protection Breaches Could Cost You?

With the EU General Data Protection Regulation (GDPR) coming into force Europe-wide in 2018, it seems that many enterprises in the EU still do not understand the new law and the far-reaching changes to data processing needed to comply with it.

While 2018 may seem like light-years away and GDPR looks like some distant inconvenience, there are two very distinct issues to bear in mind.

Firstly, there are current data privacy laws in place, such as the UK Data Protection Act 1998 (DPA 1998), which is beginning to be enforced more rigorously now as the authorities start to turn their attention to the introduction of GDPR.

Secondly, while DPA 1998 non-compliance can also lead to very heavy fines, many people are still unaware of the large financial impact these existing non-compliance penalties carry, let alone the reputational damage that will follow.

If this is the case now with DPA 1998, GDPR will have a massive impact on the unaware and non-compliant as the requirement for compliance will go way beyond where we are now, to affect nearly every department in a business, so the dangers of short-termism loom large.

The need to prepare now

The main issue is that because many people in the business community don’t fully understand data privacy and data protection law, many basic rules are often overlooked and that can mean trouble.

Sending personal data by email, exporting data to places like the US without the proper regulatory safeguards in place, and leaving hard copy client contact data lying around all constitute violations and can attract financial penalties. But what a lot of people don’t realise is where the responsibility for data security rests.

Data Controller v Data Processor

Where a company uses its own data for marketing purposes, as a client-side marketer, you are the data owner – legally a ‘Data Controller’ – of any data in possession of your company or your digital marketing agency.

And while your digital marketing agency is the ‘Data Processor’, and this sub-contractor is subject to some liability in the event of loss, theft, or data hack, it is you, the Data Controller, who will be the primary entity in the event of a breach, and the entity receiving the fine.

And GDPR fines are heavy: up to €20,000,000 or, in the case of an enterprise, 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

Emerging risks

In this highly connected world, data is front-and-centre of everything we do in the marketing business today. This means data is now a valuable commodity, and the issues around sending personal data by email or exporting data to places not covered by EU-recognised data protection laws are now only a small part of the equation.

Physical theft is a growing reality, and malicious data theft or destruction has been seen, so your understanding of your agency’s digital, physical and data control becomes critical to your own employer’s security.

Review your agency and stay safe

Understanding your digital marketing agency’s data security and control systems, how they are arranged, how they are implemented and how effective they are is critical. Here are typical areas you need to be aware of:

  • access control: who is authorised to see your company’s personal data?
  • disclosure control: who is authorised to transmit data?
  • input control: who is trained (and how) on entering information?
  • job control: who manages data and how are they trained to process it?
  • availability control: how do they prevent destruction?

Understanding this is now vital to your corporate compliance. These are not only big questions but complex ones: people come and go in digital agency life, so the sands can be ever-shifting, making your control of the situation tricky.

Agency ISO certification and collaboration

I said at the beginning of this post that GDPR will affect practically all areas of your enterprise due to the prevalence of data in business. This means that today, you need to select the right kind of agency with the right kind of people, plus ISO 9001 and ISO 27001 certification, as this will offer you optimum security in two ways.

Firstly, with ISO 9001 and ISO 27001, you know you have the right kind of agency and, secondly, if that agency will collaborate with you and train all relevant personnel within your enterprise to optimise all departmental data security, then you have the right people, too.

But this is a two-way street: while finding an ISO 27001 certified digital agency will require commitment, getting them to commit to you to collaborate in this way will require longer-term involvement, so contractual commitment will also be a wise consideration.
