Using automated consent management solutions, organizations can document and provide evidence that you have the necessary consent, with the administrative, contractual, economical downsides and risks associated
It took four years of intense debate and preparation to finally approve the General Data Protection Regulation (GDPR). As the enforcement date approaches, global organizations operating in the EU are aligning their efforts to harmonize their data privacy and comply with the set standards. Microsoft and SAP have taken the correct measures to be GDPR compliant. However, 60% of companies have not taken the same initiative. Secureprivacy.ai is currently one of the only GDPR solution companies, which has received legal validation from EU lawyers. The new privacy requirements will be enforced as of May 25, 2018.
What you need now in 2018?
Automate your GDPR compliance with built-in tools and technologies that allow users to opt-in and opt-out of previously given consent in just one click and enable administrators to extract reports with visual screenshots of consent provided. All this ensures compliance without having a UX nightmare! Read how Securityprivacy.ai can help you overcome the GDPR-UX challenge.
On May 25, 2018 the EU will enforce the General Data Protection Regulation, which protects the rights of EU citizens to control their personal data.
Under the new requirements, any company that deals with private data from an EU citizen will need to follow the GDPR, which includes companies from around the world.
GDPR and Automated Consent Management
To understand how an automated consent management solution company can help organizations comply to new data privacy regulations, I spoke to Dan Storbaek, CEO and Founder of Securityprivacy.ai.
Tell us about the idea behind starting an automated consent management solution company?
Dan Storbaek: We run another company and were faced with GDPR ourselves. We have deep experience in software, technology and design. Therefore, it was a natural step to build a solution that would not only have the functionality and make us compliant with privacy laws, but one that’s also attractive and well designed. A solution we’d love to see on our own as well as clients’ websites.
The key challenge is to take something as complex as GDPR and make it simple. The gathering of consent becomes tricky when consent has to be specific, unambiguous and easy to understand. On the one side, we have to help companies become compliant. On the other side, we have to avoid an UX nightmare. So, working with some of the best designers and developers on this planet we have formed Secure Privacy and we’re now in the forefront of this industry.
What are the imminent challenges for businesses in the post-GDPR months?
Dan Storbaek: There are a staggering number of challenges facing small and large companies. Let me highlight a few key ones:
- GDPR is the “New Normal”: It affects both the small local micro business with an online website and the large multinationals with worldwide presence. It goes beyond EU and targets any company in the world with EU private data. Many people compare GDPR to Y2K. They are getting same media attention – and hysteria. But GDPR is more significant than Y2K as Y2K was a one-time fix (once solved, all good) and GDPR is a “new-normal” era and poses a permanent risk. While Y2K was mostly a technological issue, GDPR is an organizational issue.
- A “New Marketing Mix”: Marketers worldwide will have to think GDPR in their marketing mix moving forward. Behavioral- and transactional data are rich sources of private data and companies have to rethink how to acquire, use and share data. Let me give you an example: You have outsourced your Facebook advertisement to a marketing agency. They target ads based on profiles, which match those on your mailing lists. In this case alone, you’re both handing over data to 3rd party, but also profiling users and visitors. As a data controller, you are under maximum legal pressure to honour data subject’s rights.
- Goodbye Big Data. Hello Lean Data: Was Big Data just disrupted by regulation? No. But just collecting data for the sake of big data is a recipe for disaster. Going forward data collection must have a specific and stated purpose. I much prefer to think of data collection in a GDPR area as becoming Lean. Ask yourself the Why -> What -> When -> Where questions when dealing with data.
- The dead of cookie banners as we know them. Let’s realize the problem with cookie banners. When everybody puts up generic banners on their websites, companies can write anything in their privacy policies, and nobody notices if something is wrong. Moreover, GDPR doesn’t care about cookies. It cares about data, and data can equally be stored in a plugin, through a form link etc. For this, you have to install granular notifications and avoid implied and pre-selected options. Our solution is designed and engineered to help our clients with this.
- Documentation of consent: Are you documenting user consent today? Most companies are not. This will be mandatory with GDPR. Are you using e.g. screen- grabbing technology to do so? It might be wise to implementing a solution, which does this for you.
- The replacement of the cookie law: The upcoming ePrivacy regulation is yet to be finalized as it has caused quite some controversy. But what is known as the cookie law will be replaced by a new regulation – it’s only a matter of time.
How would adopting GDPR impact B2B relations, even as users choose to opt-out their consent from the website?
Dan Storbaek: Marketing to existing customers can qualify as legitimate interest, but not when you use third-party data. You need to be able to document and provide evidence that you have the necessary consent, with the administrative, contractual, economical downsides and risks associated.
Now, assume that a customer or user enforces her or his right to be forgotten. Then you have to delete all data records. If you received or shared the data to or from third party, you have to inform them about the erasure of the personal data unless it is impossible or involves disproportionate effort to do so.
With GDPR as the new normal, we are bound to see more creative use of marketing and advertisement. As companies already have a relationship with their customers, many will seek to expand on existing legitimate interest, which will be both lawful and provide the fastest ROI to expand on existing customer base where possible. This will also allow you to gain consent that you might be lacking.
While GDPR will impact B2B relations, it is also a perfect opportunity to increase data quality, build customer trust and finding lawful marketing processes with high ROI.
How do you see the automated consent management platforms evolving with the introduction of GDPR? What’s the next frontier for your platform?
Dan Storbaek: With GDPR, we’re now moving into more granular notifications that are more specific and easy to understand. At the same time, data controllers have a significant responsibility to document and be able to provide evidence of proper consent. While the upcoming ePrivacy regulation remains to become final, we will most likely see a mix of consent management handled from software, e.g. Internet Browsers, and Individual Websites.
Our platform is moving into Machine Learning and AI. For us, the Holy Grail is taking complex legal work and simplify it with technology. We are moving into machine learning and AI, which allows us to collect publicly available data about regulations, industries, language etc., and provide automated consent management optimized towards different audiences.
How Security Privacy Works on your Website?
In 2018, the target for every organization would be to make the website GDPR-compliant, showing necessary documentation upon request such as IP address, location, and more. Secureprivacy.ai has developed an automated consent management solution that provides companies the tools they need to keep their website GDPR compliant.
Secureprivacy.ai has developed an automated consent management solution that makes your company website compliant to GDPR regulations.
Once a company signs up, Secureprivacy.ai documents all their visitors consent on a dashboard. When a user agrees to consent, a seamless screen grab will be saved as documentation on the dashboard.
Companies can keep track and document all their consents, IP addresses, locations and manage visitors. These features help companies avoid a UX nightmare and fines.
GDPR Solutions Powered by Artificial Intelligence
Secureprivacy.ai has become the leader in GDPR solutions—with features like deep web scanning, an intelligent consent management platform, 1-Click opt-out features and more. Upcoming features will be automated GDPR compliance based on artificial intelligence.
When you sign-up for Secureprivacy.ai, there is a four step onboarding process and then you install a script onto your website. You only need to install this script once, and your company will be GDPR compliant online.
Secureprivacy.ai documents all of your visitors consents on your dashboard. When a user agrees to consent, a seamless screen grab will be saved as documentation on your dashboard. The dashboard allows you to keep track and document all of your consents, IP addresses, locations and manage visitors.
With Secureprivacy.ai, companies avoid a UX nightmare by using granular notifications. Which can be setup on different pages and with different triggers?
Users can also opt-out from their consent from the website, which is another important requirement by GDPR.
You can also export visitor and consent data for business purposes or to provide to authorities.
How GDPR Apply to US-based Companies
In essence, GDPR is applicable to organizations worldwide that deal with private data from EU citizens and is enforceable by law. So, if you run a startup based in Silicon Valley and you have a German consumer on your mailing list, then you are applicable to GDPR. If you run a SaaS platform and receive signups from Denmark, you’ll be applicable to GDPR.
Non-compliance to GDPR Would Earn Hefty Penalties
Companies can be fined up to EUR 20 Million or 4% of Annual Global Turnover – whichever is greater. Note, it’s turnover, not profit.
Secureprivacy.ai started in February, 2017, when Dan Storbaek faced the issue of having to implement GDPR in his own company within the next 1-5 years. The product is designed and built by experienced lawyers, designers, developers and management consultants. They also found themselves needing an automated and simple solution to staying compliant with GDPR and privacy regulations. They foresaw the potential issues down the road once the new rules rolled out.
Currently, Secureprivacy.ai helps organizations make their website GDPR & Data Privacy Compliant. Established by Dan Storbaek, former CEO at Skarpline and management consultant, board member at IoT People. You may use Secureprivacy.ai to scan your website for legal risks, plugins and data that make your company non-compliant or at risk of becoming. Use this information to setup intelligent banner notifications on different pages using different triggers.
