15.11.2017

Content

• Digitalization

• Privacy

• What is allowed?

• GDPR

• Examples and Putting it into Practice

• E-Privacy and Privacy Shield

• Next Steps

Are we ready for GDPR?

Dmexco, Debate, Live Poll 13.09.2017 14:05h: „Preparing for GDPR: Embracing the inevitable regulations“

96% think Digitization is important or very important - Webtrekk 08/2017*

*https://www.webtrekk.com/de/knowledge/studien-und-statistiken/digitalisierungsstudie-2017/

Top Chances Top Challenges

1. Improve data quality by using a Cross

Device Bridge to enable a full view on the

users

1. Enable the employees to be part of a

digitized company by improving the needed

competencies

2. Focus on the ability to transform data in

realtime

2. Enable the needed amount of budget

and allocate it to the right digitization

projects

3. Protect the company‘s data in the

process of collecting and transforming it

against 3rd Parties

3. Protect the data of your customers for

data privacy reasons

http://www.zeit.de/wirtschaft/unternehmen/2017-06/eu-kommission-wettbewerbsstrafe-von-2-42-

milliarden-euro-gegen-google

In 2016, privacy will move from a

niche consideration to a value to

which customers will respond.Forrester-2016-AOC-Predictions

https://privacy.google.com/businesses/

https://www.webtrekk.com/de/knowledge/blog/

Do it…

What if not…

May 25th 2018

Persistent value add

Persistent value loss

*Forrester-2016-AOC-Predictions

What is allowed? What is not allowed?

Allowed without

further actions

General Expectation Information duty Enter objection

(Opt-Out)

With active consent

(Opt-In)

forbidden

Tracking of

anonymised

data just for

statistical

research?

Creating

pseudonymized

profiles by using 1st-

Party Data to contact

the data subject?

Creating

pseudonymize

d profiles by

using 3rd-

Party Data to

contact the

data subject?

GDPR

▪ 25.05.2018: GDPR becomes law

▪ Ensuring data privacy and availability in the EU market

▪ Goal: Standardization of handling PII within the entire EU (Replacement of the EU data privacy regulation of 1995)

1995 ...

Penalty: Violation of GDPR

▪ 20 million € or 4% of yearly revenue

▪ Lawfulness, fairness and transparency

▪ Accuracy

▪ Purpose limitation

▪ Data minimisation

▪ Storage limitation

▪ 10 million € or 2% of yearly revenue

▪ Integrity

▪ Accountability and confidentiality

▪ Penalty can be charged per violation

▪ Violation has to be brought to the attention of the data protection authoritywithin 72h

Penalty – What if ...?

Revenue 2016:

Profit 2016:

4% YR or 20 Mil €:

2% YR or 10 Mil €:

3 Bil €

200 Mil €

120 Mil €

60 Mil €

200 Mil €

5 Mil €

20 Mil €

10 Mil €

800.000 €

20.000 €

20 Mil €

10 Mil €

https://www.golem.de/news/datenschutz-real-will-keine-gesichter-mehr-scannen-1706-128627.html

http://www.ndr.de/nachrichten/niedersachsen/hannover_weser-leinegebiet/Strafanzeige-real-analysiert-Kunden-per-Video,gesichtserkennung110.html

• Uncertainty about ePrivacy leads to pilot projects in companies

• Granular Opt-In common

• Allows clear, specific and customized setting options

https://datareality.eu/en/granular-opt-in/

Granular Opt-In

https://datareality.eu/en/granular-opt-in/

https://datareality.eu/en/granular-opt-in/

ePrivacy Regulation

planned to become effective together with GDPR

regulation and Lauristin-report approved in late October

PrivacyShield

• Data privacy agreement between EU and USA

• US companies can certify themselves to show that they are in compliance withEU data privacy: PII of Europeans sent to US companies is protected

• Criticism: not EU data privacy regulations compliant

• 09/2017: first yearly review

• Review results: “adequate“ protection – corporate adoption not on the level itshould be, not enforced by US

What now?

Audit of

▪ Existing contracts

▪ Existing data (PII now?)

▪ Data privacy statement

▪ Documentation

▪ Data security

▪ Inform customers

▪ Enable Opt-Out

▪ Collect Opt-In

▪ Raise attention throughout company

▪ Plan ahead for emergency situations

Plan

ExecuteAnalyze

Optimize

539 191

25.05.2016 25.05.2018

Update 15.11.2017

539 191

24.05.2016 25.05.2018

730 days time – now only 191…

marcel.martschausky@webtrekk.com

sven.kliem@webtrekk.comwww.webtrekk.com

Webtrekk GDPR Audit

✓ Audit of your analytics setup

✓ Ongoing GDPR consulting

✓ Transparency on data privacy

Get in touch with us now