And was the lockdown the ideal time to prioritize your GDPR compliance projects? More time, better team availability, a context conducive to reflection… Here’s why you should take advantage of the opportunity to meet the GDPR compliance challenge and protect your data.
Aim for global GDPR compliance.
Two years after the urgency of the European Data Protection Regulation came into force, it disappeared.
It’s time to take stock. GDPR compliance may have taken urgent actions and is not entirely orthodox. As examples, here are a few pearls:
- The renewal consent email. All prospects were informed that they agreed to be solicited! Can we ask for their opinion?
- The website’s privacy policy. It’s a great pride. It needs to be more readable and complete, and no one will read it… But now, it exists!
- Database encryption. No matter what data we have, as long as it’s in the cipher, everything is fine…
After the panic of the beginning, the lockdown is the right time to get started. And aim for a more global and complete compliance with the personal data processing you carry out.
Train employees on GDPR compliance.
The lockdown has slowed down business activity.
- No commercial exhibitions to visit;
- No external client meetings;
- Fewer projects to launch, a more relaxed schedule.
Whether your employees work remotely or go to the office every day, they are all in a comparable situation:
- They have time… Sometimes, a lot of time…
- They are easily reachable at the same time. For the first time?
- So, it’s the perfect time to train them to adopt the proper practices in terms of data protection.
Therefore, take out that e-learning module you always dreamed of (primarily your data protection officer/DPO…).
Make quizzes and awareness modules.
A big challenge for GDPR compliance: widespread telework
Due to the lockdown, your premises have emptied. Very few people come to the office anymore. It’s widespread teleworking, and yet, business continues.
- Each employee accesses instant messaging and can chat with colleagues;
- Everyone can find their work documents on shared networks.
It’s fantastic… Everything is taken home: routine tasks, business, security loopholes… Yes, because if your information system has vulnerabilities, each teleworker multiplies them.
That’s why the lockdown is also an opportunity to ensure that basic measures are in place. Keep your teams from becoming the weakest link in security.
A constantly growing cyber risk
Oh, you have a guest for dinner tonight? Don’t you see it? Your windows and door are closed?
Look at your PC… Bravo. You guessed it: this guest is the hacker.
Cyberattacks have been exploding for several years. Ransomware, phishing, scams, and malicious traffic, attempts to intrude into your systems… Everything is done to take advantage of your teams and infrastructure.
Another reason to rethink the security policy practiced in your company. An effective GDPR compliance policy will rely on a solid security foundation.
Prepare for the post-lockdown world with GDPR compliance
The coronavirus has forced you to find new collaborative remote work methods and rethink your priorities.
Yesterday, everything was urgent. Today, everything is less critical…
Of course, the first challenge for you will be to restart the machine and find a reassuring cruising speed. But beyond that, this collective lockdown we have experienced will call for fundamental changes.
And to change things, you must first… know things…
This knowledge is more easily obtained as part of a compliance plan with GDPR. Why? Because it’s about identifying all the risks and prioritizing actions to reduce the most pressing ones.
For this, you need a global vision of the personal data processing carried out in the company. Be transversal, go beyond the silos, and break down the barriers (figuratively speaking) to identify all the data risks and prioritize the actions to reduce the most pressing ones.
The GDPR is, therefore, a facilitator and accelerator of the digital transformation of companies. It also helps to modernize and simplify processes.
Master your risk during confinement, review suppliers
You have time, so take advantage of it!
Confinement is conducive to reflection and assessment. Why not take the opportunity to review your supplier park?
Does it still make sense to outsource such a service? Does your supplier share your values?
And precisely, among the values is the level of data protection that the provider processes on behalf of your company.
Remember, when you subcontract a service, you do not delegate compliance management. The subcontractor only applies your instructions. You remain responsible for the processing.
If your subcontractor has an insufficient data security policy, a data breach from their databases may be attributed to you.
Adapt your communication to the confinement period
Special confinement offer! -10% off for entry into our amusement park! And for one night purchased in our hotels, an additional -10%!
If this advertisement were broadcasted now, would it seem relevant to you?
Confinement requires you to rethink how you communicate with your audience, prospects, and customers. This applies to both commercial prospecting and crisis or regular communication. You must review the messages, communication opportunities, channels, and modes.
Even the way you manage your databases needs to be reviewed.
So, you can take advantage of the confinement to:
- Clean up your databases, remove unnecessary or obsolete data, and update your data;
- Renew the consent of your prospect database and only communicate with those who accept it in the future;
- Improve the handling of complaints related to personal data, and formalize a process.
E-privacy, down with the cookie: place for other communication methods?
Increasingly, you will have to submit the deposit of your cookies to a prior authorization principal.
This will begin a data collection based more on quality than quantity. And it will undoubtedly make the personalization of offers and content more relevant.
So, let’s talk about it. Is this an opportunity to redirect your marketing efforts toward other channels? Should you prioritize traditional emailing over display retargeting or email retargeting?
And why not focus on pull, inbound marketing?
Growing demand for transparency and GDPR compliance
Your customers and prospects are increasingly concerned about the protection of their data. This gives you obligations.
Because it is a vector of concern, a source of questions, and even claims to your customer service. A media scandal can also encourage your customers to delete their accounts or unsubscribe from your databases.
An example? Sharing data with third parties.
Your users want to know what will be done with the data they entrust to you. They may be offended if they discover that it is transferred to other players. And push you to explain yourself about it.
More than saying that it was stated in the privacy policy is required.
It may be necessary to deploy a more pedagogical and in-depth communication, explaining to whom the data is communicated and why.
If it was about monetizing a database, even in an anonymized form, public reactions might eventually call into question such a practice, even if it is legal.
In conclusion, take care of your data processing during this widespread confinement.
Use this time to improve GDPR compliance, enhance cybersecurity measures, review your communication strategies, and reassess suppliers. The benefits will not only be seen during this confinement period but will have long-lasting effects on the success of your business.
