WTF is the GDPR and Why Does It Matter to Me? By Ben Jessup

There are four letters that are causing panic in companies around the globe: GDPR. If you haven’t heard about the General Data Protection Regulation, it’s time to start paying attention. (The deadline for compliance is May 25th, 2018 – so kick yo-self into gear)

If you HAVE heard about the GDPR but figured it was only pertinent to those weirdos in the EU, think again. The European Union’s new law has long arms, and it will impact businesses all over the world, including here in the US. A single mistake could cost your company as much as 2% of your global revenue in fines.

Worried? Let’s dig in and figure out how the GDPR will impact the way you do business.

What’s the GDPR?

The General Data Protection Regulation is a law that regulates the way data is handled in the EU. It will strengthen the individual’s right to dictate how companies deal with their personal data and ensure that companies obtain each person’s consent prior to collecting and distributing that data. “But my business isn’t IN the EU,” you say. That doesn’t matter.

As the creators of the bill began to investigate the way online data is collected, it was determined that companies in countries around the world were gathering data about citizens of the EU without their consent. Thus, Article 3 of the GDPR was born; it states that any organization collecting data from a person in the EU is subject to the requirements of the GDPR— whether the company is based in the EU or not.

Hold On— We Don’t SELL Anything to the EU! We’re Good, Right?

Nope. You’re not. The GDPR is on to you, pal. It specifically states that a financial transaction doesn’t have to occur for your company to be subject to the law. They’re focused on the collection of personal data— gender, age, education level, country of origin, etc.

In other words, if your American company has any connection with the EU, you’ve got to follow the rules. Say, for example, Prince Charles decides to take a survey offering feedback about your website. Now you’re in the system.

“But we don’t ask for that kind of information,” you cry. “We just ask for their likes and dislikes.” Once again, you’ve been outsmarted by the wily authors of the GDPR. If Prince Charles said he likes learning more about technology or that he dislikes Mondays, you’re subject to the requirements of the GDPR.

Ok, Ok… What Do I Have to Do to Be GDPR Compliant?

Here’s the good news: unless you’re a tech giant like, say, Facebook, you probably don’t have reason to panic. You’ll need to update the language in your privacy notification— the GDPR requires all consent to be “freely given, specific, informed, and unambiguous.” (We assume you have privacy practices in writing already; if you don’t, GET ON THAT YESTERDAY.)

Additionally, you must explain how you process the data you collect in a lawful manner, lay out how long you retain the data, and explain the person’s right to complain to the ICO. All of this must be delivered in easy-to-understand language so you can be confident that consent is given without confusion.

Once you’ve collected any data from a citizen of the EU (Prince Charles LOVES to fill out surveys), it’s vital that you ensure this data is properly protected per the GDPR guidelines. If there is a data breach, you’ve got 72 hours to notify regulators; if you don’t, you’ll face enormous fines.

At WBG, we, too, are subject to the GDPR. We’re checking all the tools we use day-to-day to ensure that we’re compliant. Fortunately, they’re ready for us. Here are a few of the ways the digital marketing tools and software we use are making modifications:

  • HubSpot has created a playbook detailing the changes they’ve made to help users become compliant.
  • Gravity Forms offered instructions for adding a required checkbox to forms that need to be compliant.
  • MailChimp also provided direction to ensure that your email forms are GDPR-friendly.
  • Google Analytics updated their information to reflect the impact the GDPR will have on their data.

There are other common tools that have already made any necessary modifications— you don’t have to do anything to stay compliant. These include:

Click through to learn about the updates each of these tools has made to be GDPR-compliant.

Of course, it’s important to note that we’re not attorneys. We STRONGLY encourage you to discuss any questions you might have with someone who has more knowledge of the law than we do– even though we do watch a ton of Law & Order.

The GDPR is the new normal. Take the time to familiarize yourself with the rules and implement them ASAP. Prince Charles isn’t going to stop taking surveys anytime soon.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2IHhj85

The Night Before GDPR By Aaron Shapland

Twas the night before GDPR, when all ‘round the world.
All the companies were stirring, and emails were hurled…

As we all know – or should know – by now, the European Union’s GDPR comes into effect tomorrow. If you have not yet noticed the flurry of emails in your inbox over the past few weeks, then either you haven’t seen your inbox or you receive far too much spam.

Despite the GDPR being a European law, it impacts companies and organizations around the world. And since this is the most far-reaching and strict legislation that governs data in today’s world of data-centric decisions, it is important to be aware of what the GDPR is and how it affects you.

What is the GDPR?

The GDPR, or General Data Protection Regulation, is a new law that goes into effect in the European Union tomorrow, May 25, 2018. It gives people more control over their personal data, forces organizations to better protect personal data, and establishes a baseline, cross-border framework for how personal data should be managed. Data, in this context, refers to any personal information such as name, email, address, age, birthdate, and more.

Who does the GDPR impact?

It affects any business or organization that holds any personal data of any person in Europe – everything from customer or employee data to sales prospects on mailing lists. If you are part of a company or organization (either public or private) that does business in Europe, has employees in Europe, sends communications to anybody in Europe, or holds personal data of any European, then the GDPR directly applies to you.

While GDPR compliance is only legally required for those organizations with European data, it does set a baseline framework for trustworthiness and transparency that is long overdue. Even if your organization may not be legally affected by GDPR, implementation of GDPR standards is recommended – think of it as the new baseline expectation for companies everywhere.

What if I don’t comply?

If the GDPR applies to you (see paragraph above), then you have no choice but to comply. If you are found in violation, you will face fines of €20,000,000 or 4% of global revenue from the previous financial year – whichever is higher. And given the advance notice and ample literature on the regulation available so far, you can expect that EU authorities will be on full alert to find those organizations not complying.

How does the GDPR affect me?

The GDPR comprises 99 articles that outline how personal data is to be used, stored and managed. However, the robust regulation can be distilled into these key points:

1. Awareness:
Be aware of what and whose data you hold at all times, as you now have greater responsibility to safeguard it.

2. Preparedness:
Organize the data so it is cataloged, centralized, and easily accessible by the data owners (they now have the right to edit and request deletion of their data).

3. Responsibility:
Appoint a Data Protection Officer, who is responsible for overseeing all of the data, and inform data owners of how to contact this person.

4. Proactivity:
Implement security measures and protocols to protect the data. Any data breaches must now be announced to the data owners within 72 hours of discovery.

5. Communication:
Educate employees and clients alike on your data management approach. Transparency is the best approach, so keep the communication lines open and all language clear & concise.

Where can I learn more?

To learn more about the GDPR and its detailed policies, you can visit the EU’s website on data protection: https://ec.europa.eu/info/law/law-topic/data-protection_en

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2klEtlQ

GDPR: What It Means For You, Us, and the Rest of the World By Lori Highby

With technology permeating every corner of the world, globalization has become more prevalent than ever. These days you can send messages to someone on the opposite side of the planet in the time it takes you to type it out.

Although there are plenty of benefits of globalization, one side effect is that laws and regulations that happen in some countries can impact the rest of the world in substantial ways. Today we’re going to be talking about one such change – the GDPR. Let’s see the results of this legislation.

What is the GDPR?

This stands for the General Data Protection Regulation. It was passed by the European Union, and it will become law this year. While there are a lot of technical aspects of the GDPR, it relates mostly to cybersecurity and personal data – how it’s stored, shared, and processed.

Because more and more information is being transferred online, this legislation has far-reaching effects. As such, it’s imperative that everyone have a solid grasp of what it does and how it will impact businesses around the globe.

Again, there are more complicated elements of the GDPR, but here are the most notable pieces to pay attention to.

Right to Access – Individuals will have the right to see how their personal information is being used by a company, as well as request access at any time.

Right to Deletion – When a customer is no longer part of a business, they can request that their data be deleted from the company’s archives.

Right to Information – If a business changes how they collect or process consumer data, they have to make these changes known to the public so that people can decide if they want to continue to have their data stored.

Right to Correct Information – Errors happen all the time, but a person is now able to request that the data that a company has is accurate and up-to-date.

Right to Object – This is a big one. If a consumer doesn’t want his or her information shared by a company, he or she can file an objection that the company has to obey.

Right to Restrict – Like objection, consumers can also dictate how their data is processed and stored.

As you can imagine, these changes are going to have a significant impact on the way that companies do business, both in the European Union and abroad. Other elements include a right to notification in case there is a breach, as well as portability, which enables consumers to transfer their data as they see fit.

When Does the GDPR Go Into Effect?

May 25th is the official date when the GDPR will become active, so any company that does business in the EU (i.e., has offices or employees there) should already be well on their way to becoming compliant with the new law.

What if I Don’t Do Business in the EU?

At first glance, you may think that such sweeping legislation may not affect you or your company because you are based in the US (or another non-EU country). However, as we mentioned, the effects of these changes are far-reaching, which means that everyone will be affected, both directly and indirectly.

Part of the reason that this law is going to become such a global presence is that it has both loose and strict definitions of what it protects. On the loose side, it doesn’t refer to a specific group of people, such as citizens or residents of any European Union country. Thus, anyone in the world could be subject to these protections and rights.

On the stricter side of things, the definition of personal data and privacy are tightly controlled. In the US, we have a much narrower definition of what constitutes personal information, which is usually related to an ID number (i.e., social security). In the EU, however, personal data is anything that can be used to identify a natural person.

Almost any information collected online falls into this category. Data like IP addresses, physical location, gender, age, body type, and ethnicity are just a few of the items considered “personal data.” As a result, nearly anyone who is tied to the EU (even tenuously) can have their information protected by the GDPR.

Controlling vs. Processing Data

To put things into a bit more perspective, you have to determine whether your company is a controller of personal data or a processor. While the definitions are more tightly defined, they loosely translate to the following.

Processor – an entity that collects or uses information in any way

Controller – an entity that decides how to use personal data

For example, a controller could be a company that collects consumer data to sell them products. A processor would be a business that processes that information to ship products to the customer.

Bottom Line – What Do I Need to Know?

Overall, the GDPR is a law that puts power to the people. No longer will businesses dictate how information is collected, stored, and used. Now, consumers will have much more control over their data and who has access to it.

As a business, you have to become GDPR compliant if you have any kind of internet presence, which is basically everyone. Even if you don’t transact anything with an EU resident, even potentially collecting his or her data means that you fall under the GDPR’s jurisdiction.

Thus, you should become compliant no matter what so that you don’t get into any pitfalls. The ramifications of failure can be costly, and it could create more problems than it’s worth.

The bottom line is that consumers now have the right to know how their data is being used, and they have the right to tell businesses if they approve of it or not. Transparency and consent are the two primary changes, so make sure that your company offers both.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2IIpvBe

Why Your Spring Cleaning Should Include Unused Cloud Resources By Andy Richman

Given that spring is very much in the air – at least it is here in Northern Virginia – our attention has turned to tidying up the yard and getting things in good shape for summer. While things are not so seasonally-focused in the world of cloud, the metaphor of taking time out to clean things up applies to unused cloud resources as well. We have even seen some call this ‘cloud pruning’ (not to be confused with the Japanese gardening method).

Cloud pruning is important for improving both cost and performance of your infrastructure. So what are some of the ways you can go about cleaning up, optimizing, and ensuring that your cloud environments are in great shape?

Delete Old Snapshots

Let’s start by focusing on items that we no longer need. One of the most common types of unused cloud resources is old snapshots. These are snapshots of your EBS volumes on AWS, your storage disks (blobs) on Azure, and persistent disks on GCP. If you have had some form of backup strategy, then it’s likely that you will understand the need to manage the number of snapshots you keep for a particular volume, and the need to delete older, unneeded snapshots. Cleaning these up immediately helps save on your storage costs, and there are a number of best practices documenting how to streamline this process as well as a number of free and paid-for tools to help support it.

Delete Old Machine Images

A Machine Image provides the information required to launch an instance, which is a virtual server in the cloud. In AWS these are called AMIs, in Azure they’re called Managed Images, and in GCP Custom Images. When these images are no longer needed, it is possible to deregister them. However, depending on your configuration you are likely to continue to incur costs, as typically the snapshot that was created when the image was first created will continue to incur storage costs. Therefore, if you are finished with an AMI, be sure that you also delete its accompanying snapshot. Managing your old AMIs does require work, but there are a number of methods to streamline these processes, made available both by the cloud providers and by third-party vendors, to manage this type of unused cloud resource.
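To make the AMI and snapshot relationship concrete, here is an added example (not from the original article) that sorts snapshots into those still backing a registered AMI, those left behind by a deregistered AMI, and plain old backups. It assumes records shaped like the output of the EC2 `describe-images` and `describe-snapshots` calls and the description AWS writes on AMI-created snapshots; the IDs, dates and the 90-day threshold are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Description AWS writes on snapshots it creates while building an AMI.
AMI_DESC = re.compile(r"Created by CreateImage\(.*?\) for (ami-[0-9a-f]+)")


def referenced_snapshots(images):
    """Map snapshot ID -> AMI ID for snapshots backing a registered AMI."""
    refs = {}
    for img in images:
        for mapping in img.get("BlockDeviceMappings", []):
            snap = mapping.get("Ebs", {}).get("SnapshotId")
            if snap:
                refs[snap] = img["ImageId"]
    return refs


def classify_snapshots(snapshots, images, now, max_age_days=90):
    """Sort snapshots into in_use / orphaned_ami / old / keep buckets."""
    in_use = referenced_snapshots(images)
    registered = {img["ImageId"] for img in images}
    cutoff = now - timedelta(days=max_age_days)
    report = {"in_use": [], "orphaned_ami": [], "old": [], "keep": []}
    for snap in snapshots:
        sid = snap["SnapshotId"]
        match = AMI_DESC.search(snap.get("Description", ""))
        if sid in in_use:
            # Deleting this would break a registered AMI: never a candidate.
            report["in_use"].append(sid)
        elif match and match.group(1) not in registered:
            # Made for an AMI that has since been deregistered; the
            # snapshot keeps costing storage until it is deleted too.
            report["orphaned_ami"].append(sid)
        elif snap["StartTime"] < cutoff:
            report["old"].append(sid)
        else:
            report["keep"].append(sid)
    return report


# Constructed sample data (hypothetical IDs, not from a real account).
UTC = timezone.utc
NOW = datetime(2018, 5, 1, tzinfo=UTC)
IMAGES = [
    {"ImageId": "ami-0aaa1111",
     "BlockDeviceMappings": [{"DeviceName": "/dev/xvda",
                              "Ebs": {"SnapshotId": "snap-0001"}}]},
]
SNAPSHOTS = [
    {"SnapshotId": "snap-0001", "StartTime": datetime(2017, 6, 1, tzinfo=UTC),
     "Description": "Created by CreateImage(i-0123abcd) for ami-0aaa1111 from vol-0aa1"},
    {"SnapshotId": "snap-0002", "StartTime": datetime(2017, 3, 1, tzinfo=UTC),
     "Description": "Created by CreateImage(i-0456cdef) for ami-0bbb2222 from vol-0bb2"},
    {"SnapshotId": "snap-0003", "StartTime": datetime(2017, 9, 15, tzinfo=UTC),
     "Description": "nightly backup"},
    {"SnapshotId": "snap-0004", "StartTime": datetime(2018, 4, 20, tzinfo=UTC),
     "Description": "nightly backup"},
]

if __name__ == "__main__":
    for bucket, ids in classify_snapshots(SNAPSHOTS, IMAGES, NOW).items():
        print(f"{bucket:13} {ids}")
```

Treat the `orphaned_ami` and `old` lists as review candidates rather than an automatic delete list, since snapshot deletion cannot be undone.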

Optimize Containers

With the widespread adoption of containers in the last few years and much of the focus on their specific benefits, few have paid attention to ensuring these containers are optimized for performance and cost. One of the most effective ways to maximize the benefits of containers is to host multiple containerized application workloads within a single larger instance (typically large or x-large VM) rather than on a number of smaller, separate VMs. In particular, this is something you could utilize in your dev and test environments rather than in production, where you may just have one machine available to deploy to. As containerization continues to evolve, services such as AWS’s Fargate are enabling much more control of the resources required to run your containers beyond what is available today using traditional VMs. In particular, the ability to specify the exact CPU and memory your code requires (and thus the amount you pay) scales exactly with how many containers you are running.

So alongside pruning your trees or sweeping your deck and taking care of your outside spaces this spring, remember to take a look around your cloud environment and look for opportunities to remove unused cloud resources to optimize not only for cost, but also performance.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2Lt8z3t

7 Onboarding Techniques to Boost App Engagement By Sabih Javed

Having tons of new people downloading your app feels great. But it isn’t all about numbers, especially when your app has a poor retention rate.

A sign-up or an app download doesn’t (always) mean the user will engage with your app in the future. Only 14% of new users return after initial download and only 2.7% of users stick after 30 days. The industry-wide app engagement after 90 days stands at 4%.

The way you present your app to new users and how easy you make it for them to achieve success with your app makes or breaks the deal. When a user downloads an app, the first week is crucial because 55% of users who engage with an app in the first week after download stick with it and retain.

The Ripple Effect

This is where user onboarding plays its role. The idea is to let users understand, explore, and get started with your app as quickly and easily as possible.

Customer onboarding defines the entire process that a user goes through from getting acquired to becoming a customer and beyond. A good user onboarding process has the potential to increase engagement up to 4x.

Creating an onboarding process that will actually make users fall in love with your app is nothing less than a challenge. Not all user onboarding processes are created equal, so you have to do a great job to stand out from the crowd.

How to do it?

The following seven onboarding techniques will show you how you can make it work for your app and how to create a user onboarding process that will actually boost app engagement and make users stick with your app like glue.

1. Make onboarding benefit-focused

You need to show the most prominent benefits of your app to the users in the onboarding process. Obviously, you cannot show all the benefits, so you have to pick a few major benefits that make your app stand out from the crowd, and focus on them.

Show new users the best benefits of your app so they have no other choice but to continue using the app. You can show these benefits to users before they have signed up for your app (immediately after they have downloaded the app) or after they create an account. The best approach, however, is to show the most prominent benefits before registration.

Evernote does it in style.

They show new users the top three benefits of using Evernote and then ask them to create an account. And once a user has created an account, a product tour begins.

This onboarding technique ensures that users get to know your app, why it is different, and what big problem it will solve. Make sure you represent a true picture of your app’s benefits at this stage. Don’t create unnecessary hype. Stick with your app’s true benefits that it will deliver. Else, users will churn immediately after sign up.

2. Persona-based onboarding

Your app targets different buyer personas. Using the same onboarding process for all the buyer personas you target won’t give that personalized feel to the users.

Your app could target marketers, designers, CEOs, and agencies. You have two options:

  1. Create a generalized onboarding process (probably to save cost) and use it for every single user.
  2. Create highly customized onboarding processes based on buyer personas.

Ask yourself: how would you like to be treated if you used your app?

Persona-based onboarding will increase engagement because you’d be in a better position to communicate how your app can provide value.

Canva, for instance, asks its users what they need Canva for. You then get to see customized templates. If you choose small business, you’ll see pamphlets, banners, social media posts, etc.

With persona-based onboarding, it gets easier to help users achieve their first success with your app quickly, which happens to be a crucial factor in whether a user will stay or churn.

3. Make first success easier to achieve

When a user downloads your app, there is something they want to achieve with your app. There is a reason why anyone on this planet will download an app. It could be to solve a problem, get information, for fun, or something else, and it’s up to you to make it easy for them.

The moment a user achieves their first success with your app (the reason why they downloaded the app in the first place), customer engagement increases significantly.

A user who achieves their first success with your app quickly is more likely to stay. If a user is unable to get that initial success with the app, they will churn.

Design the onboarding process so that it helps users achieve their first success immediately when they first use your app. Clash Royale makes it super-easy for its users to achieve first success with the game. After sign up, users get straight into a mock battle.

Users win their first battle right away and this is how they achieve their first success.

Design your onboarding process so that it pushes users to get to their first success quickly. If you can do this, better retention will follow.

4. User guidance and/or tutorials

One common reason why app users don’t come back is that they don’t understand how to use it. A tutorial-based onboarding process, which guides users on what they’re supposed to do to achieve first success and how to get started with the app, seems to be a perfect fit for any app.

Here is how Mailbox guides its users in eight quick steps how they can use the app. It doesn’t cover every feature; rather, it focuses on core features.

At this stage, you just need to guide users to get started; you don’t have to create a 20-step tutorial that will show them every single feature of your app.

While guidance is necessary, you have to leave room for exploration as this will increase engagement and app retention. There are several ways you can guide users during the onboarding process, such as:

  1. Interactive tutorials
  2. Coach screens
  3. Progress bars
  4. Tooltips
  5. Walkthrough
  6. Screen overlays
  7. Training videos

The above methods help teach new app users so they don’t feel left alone.

5. Simplify your sign up process

A sign-up or registration form is part of many onboarding campaigns. Sign up processes are used to capture leads, so they have to be simple, short, and should be used at the right time. Sign up processes improve conversion rate as well as user engagement. It has to be one killer sign up process that users cannot refuse to fill.

There are three different sign-up flows that you can use for your app, according to ConversionXL.

a. App access after complete sign-up

This is the most used sign up flow where users have to create their account, verify their email address, and then they get access to the app. If you have a new and relatively unknown app, you don’t have to use this flow. Users won’t like getting registered upfront before seeing the app.

b. App access after minimal sign-up

Users have to enter their email address but they’re given access to the app immediately after they enter their email address. The sign-up process can be completed later. This sign up flow is conversion-focused and should be used when you’re running a mature app that people already know about.

c. Immediate app access

This happens to be the best and recommended sign up flow where you give full access to your app prior to sign up. It works best for new apps because people get to see your app first and if it is appealing, they will sign up without hesitation.

Better yet, when you give full access to your app upfront, it lets users enjoy their experience resulting in better user engagement. Making sign up process optional is the best way to boost engagement as users get a chance to explore your app without any hurdles.

Pacer Pedometer app doesn’t bother its users with sign up requests. New users get to see their onboarding process by taking a tour of the app.

If everything looks fine, users can sign up if they want.

If you intend to double signups for your app and boost app engagement, the best way to move forward is to push your sign up process to the end of the onboarding process.

This isn’t all: the way you create your sign up process will greatly impact user engagement. A long sign-up form is something users don’t appreciate. Short forms always outperform long forms.

When creating sign up forms, make sure you keep them short and stick with the basic information. This is what makes users happy.

6. Push notifications

Do you use targeted, customer-journey-specific push notifications during the onboarding process? You should, because sometimes users need a push that will remind them of what they’re missing. Push notifications increase app engagement by a whopping 88%.

Statistics also reveal that 65% of users return to an app within 30 days of receiving a push notification. Generally, sending push notifications increases app retention rate by 10x.

When it comes to sending push notifications to increase app engagement, you have a lot of options to choose from: you can send reminders, send an update, send a goal, nudge users, and more. For instance, if a user hasn’t used the app after sign up, a push notification highlighting one prominent app feature might work.

7. Email series

On-screen guidance alone isn’t enough; setting up an auto-responder to interact with, train, and remind users during the early days helps boost app engagement. Emails also happen to be a part of your onboarding process. Sending an email to app users in the first week of installing the app increases customer retention by 130% in two months.

During those early days, new app users can get into several problems. You have to make sure they don’t stop using your app. Here is an email that Zapier sends to its users when they have issues getting started.

A personalized and targeted email like this is sure to bring users back. The purpose of your email follow up sequence should be to help new users get their first success with your app immediately and bring them back after they have gone through the entire onboarding process. The moment you leave them alone, they will churn.

Conclusion

A powerful user onboarding campaign won’t solve all customer engagement issues. It is just one way to boost user engagement, increase app retention, and to improve app stickiness among several others. These seven user onboarding techniques are sure to help improve engagement in those early days when users need you the most.

Don’t leave them alone when they need you, and they will not leave you when you need them.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2J0Eqdg

Countdown to GDPR #10: A GDPR Compliance Checklist By Brian Rutledge

We’ve made it all the way to number 10 in our blog series, and just in time for Friday, May 25, 2018, the date the GDPR will become enforceable. But relax, we’re here to provide you with peace of mind in the last blog of our GDPR series with tips and pointers to keep you GDPR compliant — on May 25, and beyond.

Your GDPR Compliance Checklist

Let’s walk through the key GDPR requirements:

  • These two articles, the Right to Be Forgotten and Privacy by Design and by Default, are amongst the most significant. Apart from checking that your product/service design takes them into consideration, your Customer Communication and User Experience should actively seek customer consent with clear affirmative action and active opt-ins.
  • Organization-wide training and education on the policies and implications of GDPR, involving engineering, management, design and legal teams, would help to kickstart and sustain your GDPR compliance. Even so, GDPR requires that you designate a Data Protection Officer (DPO) to manage the planning and implementation of GDPR-compliant data protection policies.
  • Update your Data Security and Privacy Policies to comply with the GDPR. The policies should be enforceable, concise and easy to understand.
  • Understand that GDPR protection spans all data “touchpoints” – collection, processing, transfer, manipulation and deletion. Data transfers to third countries are permissible only if “adequate levels of protection” and “appropriate legal safeguards” are in place, as deemed by the GDPR.
  • Utilizing a new technology or process? Assess high-risk projects with a thorough Data Protection Impact Assessment.
  • Understand well the GDPR Impact on SaaS Providers, particularly as “shared accountability” and “joint liability” between data controllers and processors are strong buzzwords with GDPR.
  • GDPR Preparation in Practice? As of February 2018, all Spanning products and services are compliant with the GDPR. Here is a quick overview of Spanning’s Preparations for GDPR.

Keep a GDPR requirements list close by!

As we have reiterated before, GDPR compliance is an ongoing journey and in many ways the interpretation of its articles will significantly evolve after it takes effect. So continue to keep a check on these aspects:

  • Keep an Eye on Data: Continue mapping incoming and outgoing data flows, and granularly account for specific data types. Determine what data is solely meeting a processing function, and where your organization is considered a controller of data.
  • Share Accountability: Coordinate with platform partners, third-party vendors, SaaS providers, etc. to ensure that the thread of compliance remains unbroken.
  • Put the Customer at the Center: Work with your customers via surveys and/or focus groups to get a better understanding and acceptance of what compliance means to them. Develop an internal process and solution to meet your customers’ needs while complying with the intent of the regulation.
  • Back Up your Data, it is a Lifesaver!: GDPR mandates “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”, which essentially means having a reliable backup and quick restore solution. Data loss due to malware, human error or malicious intent is a growing threat, especially in view of compliance laws like GDPR.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2klc935