All I want for my birthday is GDPR compliance
We’re on the home straight with the General Data Protection Regulation (GDPR).
For online publishers, the challenge is mighty. With both user and partner data to consider, transparency is key.
But the attention to detail going forward will ensure that readers have a higher level of protection than ever before.
So as implementation day (25 May) coincides with my birthday, I’ve used this year’s wish list to set out my hopes for the impending regulation.
First stop: your own data
By this point, I hope that all businesses will have reviewed their data processes.
Publishers, website owners, and content creators need to ensure their own company’s commitment to the GDPR is watertight.
This means considering where your data is coming from, how this data is being used, and where this data will then be stored – plus documenting the data is essential.
Third-party data
I’d hope that companies will not just confirm their own compliance, but check those firms they work with too. This means understanding what data you collect and who you allow to collect this data.
Not all your existing contracts and agreements will need to be changed, but you will at least need to review them with your GDPR hat on.
It would also be worth considering evaluating fraud prevention vendors and advertising partners as part of this process. Questioning now could save you a significant amount of money down the line.
The data chain
You know everyone you work with is clear when it comes to GDPR obligations, but what will you do when something slips through the net?
Make sure you know who is responsible by using openly available tools like Ghostry to analyse who is farming data from your site.
Calling for consent
It may sound obvious, but users should understand what data you’re collecting, when, and how you’re going to use it. This will be the main concern for those who use your services – from subscribers to one-off visits via social platforms.
If your content consumer is EU-based, they have the right to prevent publishers from collecting and using their personal data.
But this is not a European issue, it’s a global one – no matter where the publisher is actually based, consent must be obtained from all users.
Privacy policies will be updated
This the perfect moment to ensure you have an up-to-date and comprehensive privacy policy.
It’s of the utmost importance that publishers, websites, and content owners disclose exactly what data they will collect, why, and who will also be able to collect their user data through their publishing platform.
I’m hoping that, come my birthday, the industry as a whole will have taken steps to ensure they protect personal, private, confidential, and sensitive data transacted on their sites.