What is GDPR? – Why You Need to be Compliant
August 3, 2017
Data privacy compliance as we know it is about to change, and that change is right around the corner. Recently, several EU member states created a document containing detailed and strict enforcement guidelines for data privacy and compliance.
The General Data Protection Regulation (GDPR) was made to outline and influence how data privacy and protection should be standardized worldwide. Moreover, it applies not just to EU member states, businesses, and organizations, but also to any organizations outside of the EU that capture or process the personal data of EU-based consumers.
The regulation will officially be in effect on May 25th, 2018. Non-compliance can also cost an arm and a leg: €20 million or four percent of annual global revenue, whichever is higher.
The GDPR will change the way data is captured, processed, and handled in general. In a world where many believe data privacy needs to be improved, the GDPR has created a precedent that will force businesses and organizations to be compliant. One way to create a stopgap for GDPR (and for future compliance) is through Gigya’s cIAM platform, which offers standard default functions to ensure that all aspects of data compliance in relation to GDPR are checked off for your organization and protect the user’s Personally Identifiable Information (PII).
Personally Identifiable Information (PII), a commonly used term in North America, refers to a relatively narrow range of data such as name, address, birth date, Social Security number, and financial information such as credit card numbers or bank accounts.
Personal data, in the context of GDPR, however, covers a much wider range of information. The definition includes all tracking data which enables identification of consumers. For example, the aspect of “indirect identification” means that data gathered using cookies could be considered personal data. Also included in the definition are social media posts, photographs, lifestyle preferences, transaction histories and IP addresses.
Consumers' Perception of Privacy
Gigya collected data from a 2017 survey which asked how consumers felt about their data security. There were over 4000 participants in North America and the UK, and the findings are significantly one-sided.
• 68% of respondents from a 2017 survey conducted by Gigya do not trust brands to handle their personal information, from name and email to location and marital status.
• 69% are concerned with device security and privacy with the increased adoption of IoT devices
• 70% of respondents use 7 or fewer passwords across their devices, which is an indicator of poor password habits
Fortunately, Gigya cIAM now offers an easy transition for businesses who must be compliant with the GDPR regulations while offering peace-of-mind to consumers. Through the integration and partnership capabilities of Trew Knowledge and Gigya, we are leveraging these new regulations by encouraging consumers to identify themselves online with the promise of fair data regulation, trust, and security. GDPR will require that personal data compliance is consistent through every stage of the buyer journey, meaning your organization is covered.
How to be Compliant
Gigya offers a variety of functions and services, establishing your organization as a compliant and trustworthy business. They do so through their new Privacy by Design Program, specifically created to prepare organizations for GDPR. Among other things, the Privacy by Design Program helps organizations understand how user data is processed and stored. Privacy by Design looks to address the following items:
• Ensuring proof of consent is stored for specific versions of Terms of Service (TOS)
• Ability to re-grant consent if TOS is changed
• Detecting customer age for legal age of consent compliance which also includes parental consent
Customer Data Control
• Complete consumer control over their personal data, allowing them to easily view, freeze, download or delete their personal data.
• Regional Data Localization laws, such as the Russian Federation's Personal Data Protection Act, require businesses that are collecting personal data from that country to process and store the data in the same country. Gigya makes it easy to address this issue, with data centers across North America, Europe, Russia, China, and Australia.
• Gigya manages TOS for more than 25 social networks
• Syncs personal data between profiles and social networks in real time
• Deletes all non-public data based on the customer permissions
Data Privacy Regulations
• Enables businesses to provide default support for Registration-as-a-Service (RaaS) for quick and easy-to-use opt-in and opt-out options.
• Allows businesses to create and modify custom rules specific to a particular country’s laws and regulations
• Provides age restrictions and legal age of consent options specific to a country while removing records of individuals below the age of consent automatically
• Gigya provides out-of-the-box solutions for users who are visually impaired, allowing them to navigate online properties using their keyboard. Gigya is compliant with Web Content Accessibility Guidelines (WCAG) and the Americans with Disabilities Act (ADA).
It is difficult to determine how much of an impact GDPR will have on data compliance once it takes effect. However, it seems very likely that digital aspects of businesses will change considerably. Check out this article on website accessibility requirements.
Our goal is to help you become compliant, to make sure that your business is within the regulations of GDPR, and to provide your consumers with full control of their personal information and the permissions surrounding their account. Through Gigya’s CIAM platform, we can create flexible, scalable, and secure customer identity management solutions that build trustworthy and lasting customer relationships.
Disclaimer: We are not lawyers. This information is in no way intended to be interpreted as legal advice and is intended to assist with providing a basic understanding of the regulations. Consult your legal representation on compliance requirements for your organization.