webtrekk gdpr forum 2017 seminar session en
TRANSCRIPT
15.11.2017
Content
• Digitalization
• Privacy
• What is allowed?
• GDPR
• Examples and Putting it into Practice
• E-Privacy and Privacy Shield
• Next Steps
Are we ready for GDPR?
Dmexco, Debate, Live Poll 13.09.2017 14:05h: „Preparing for GDPR: Embracing the inevitable regulations“
96% think Digitization is important or very important - Webtrekk 08/2017*
*https://www.webtrekk.com/de/knowledge/studien-und-statistiken/digitalisierungsstudie-2017/
Top Chances Top Challenges
1. Improve data quality by using a Cross
Device Bridge to enable a full view on the
users
1. Enable the employees to be part of a
digitized company by improving the needed
competencies
2. Focus on the ability to transform data in
realtime
2. Enable the needed amount of budget
and allocate it to the right digitization
projects
3. Protect the company‘s data in the
process of collecting and transforming it
against 3rd Parties
3. Protect the data of your customers for
data privacy reasons
http://www.zeit.de/wirtschaft/unternehmen/2017-06/eu-kommission-wettbewerbsstrafe-von-2-42-
milliarden-euro-gegen-google
In 2016, privacy will move from a
niche consideration to a value to
which customers will respond.Forrester-2016-AOC-Predictions
https://privacy.google.com/businesses/
https://www.webtrekk.com/de/knowledge/blog/
Do it…
What if not…
May 25th 2018
Persistent value add
Persistent value loss
*Forrester-2016-AOC-Predictions
What is allowed? What is not allowed?
Allowed without
further actions
General Expectation Information duty Enter objection
(Opt-Out)
With active consent
(Opt-In)
forbidden
Tracking of
anonymised
data just for
statistical
research?
Creating
pseudonymized
profiles by using 1st-
Party Data to contact
the data subject?
Creating
pseudonymize
d profiles by
using 3rd-
Party Data to
contact the
data subject?
GDPR
▪ 25.05.2018: GDPR becomes law
▪ Ensuring data privacy and availability in the EU market
▪ Goal: Standardization of handling PII within the entire EU (Replacement of the EU data privacy regulation of 1995)
1995 ...
Penalty: Violation of GDPR
▪ 20 million € or 4% of yearly revenue
▪ Lawfulness, fairness and transparency
▪ Accuracy
▪ Purpose limitation
▪ Data minimisation
▪ Storage limitation
▪ 10 million € or 2% of yearly revenue
▪ Integrity
▪ Accountability and confidentiality
▪ Penalty can be charged per violation
▪ Violation has to be brought to the attention of the data protection authoritywithin 72h
Penalty – What if ...?
Revenue 2016:
Profit 2016:
4% YR or 20 Mil €:
2% YR or 10 Mil €:
3 Bil €
200 Mil €
120 Mil €
60 Mil €
200 Mil €
5 Mil €
20 Mil €
10 Mil €
800.000 €
20.000 €
20 Mil €
10 Mil €
https://www.golem.de/news/datenschutz-real-will-keine-gesichter-mehr-scannen-1706-128627.html
http://www.ndr.de/nachrichten/niedersachsen/hannover_weser-leinegebiet/Strafanzeige-real-analysiert-Kunden-per-Video,gesichtserkennung110.html
• Uncertainty about ePrivacy leads to pilot projects in companies
• Granular Opt-In common
• Allows clear, specific and customized setting options
https://datareality.eu/en/granular-opt-in/
Granular Opt-In
https://datareality.eu/en/granular-opt-in/
https://datareality.eu/en/granular-opt-in/
ePrivacy Regulation
planned to become effective together with GDPR
regulation and Lauristin-report approved in late October
PrivacyShield
• Data privacy agreement between EU and USA
• US companies can certify themselves to show that they are in compliance withEU data privacy: PII of Europeans sent to US companies is protected
• Criticism: not EU data privacy regulations compliant
• 09/2017: first yearly review
• Review results: “adequate“ protection – corporate adoption not on the level itshould be, not enforced by US
What now?
Audit of
▪ Existing contracts
▪ Existing data (PII now?)
▪ Data privacy statement
▪ Documentation
▪ Data security
▪ Inform customers
▪ Enable Opt-Out
▪ Collect Opt-In
▪ Raise attention throughout company
▪ Plan ahead for emergency situations
Plan
ExecuteAnalyze
Optimize
539 191
25.05.2016 25.05.2018
Update 15.11.2017
539 191
24.05.2016 25.05.2018
730 days time – now only 191…
Webtrekk GDPR Audit
✓ Audit of your analytics setup
✓ Ongoing GDPR consulting
✓ Transparency on data privacy
Get in touch with us now