With reports showing an alarmingly high number of organisations either ignoring or putting off EU General Data Protection Regulation (GDPR) compliance, you’d be forgiven for thinking no one will be ready for the 25 May 2018 deadline.
However, the majority of organisations have been quietly preparing for the Regulation since it came into effect. Even though many of them still have work to do, they know what needs to be done and have a timetable for compliance. To help you understand what steps organisations have taken, CMSWire talked to a handful of organisations from across the globe:
Lewis Barr, general counsel and vice president of privacy at Janrain, said that the company conducted a gap analysis to highlight how it should separate its roles as a data controller and a data processor.
“We are a data controller with respect to the personal data we collect from business prospects and other individuals, such as those submitting their data on our website to request a whitepaper or sign up for a webinar, and we are a data processor with respect to the personal data we receive from our customers’ online properties and store for our customers as part of our services.”
The Copenhagen-based customer experience management company said it is reviewing its internal practices and product features. According to Ryan Donovan, senior vice-president of Sitecore, the organisation plans to “add new features to help our customers address GDPR compliance, including a renewed focus on personally identifiable information (PII).
“We are improving encryption (data at rest encryption) to personal data in the Sitecore Experience Database (xDB), and ensuring that specific features our customers may choose to implement in response to GDPR, such as [the] Right to be Forgotten and Data Portability, are supported.”
EJ McGowan, general manager at Campaigner, said the organisation has taken steps to support single and double opt-in consent.
“The platform will not send [messages] to customers who are in the ‘pending’ state of opt-in. For customers who may not have opt-in information, we currently provide all the tools necessary to reengage them. We are considering wrapping these tools into a specific feature for reengagement if we find it something that will help them in their businesses.”
Technology giant Oracle is working to put in place compliance measures for the organisation’s online marketing and advertising data. Its priorities are to:
- Review its systems and processes;
- Assess the GDPR’s enhanced privacy and security requirements;
- Improve its diligence process;
- Provide staff with awareness training and compliance guides;
- Look for new and revised guidance from data protection authorities; and
- Update its contracts and privacy policies.
How are other organisations’ compliance projects going?
Our 2017 GDPR Report goes into a lot more detail on organisations’ progress in complying with the Regulation.
We polled 250 of our clients to find out how many organisations are aware of their compliance requirements, how much they are investing in their compliance project, what steps they’ve taken and the biggest challenges they’ve faced.