Basically, these rules say that services which collect data from users should have more restrictive privacy settings concerning personal information by default and additional collection of data should all be opt-in features and not the current opt-out situation. The review included complete auditing of documentation, assessment of anonymised data, security standards, software architecture, disaster recovery and our overall business operations.
Two main groups will be affected by GDPR: "controllers" of data, and "processors" of data.
Marketing emails sent to a "general" company address will fall outside of the scope of GDPR - as there is no personal data involved and the person (s) behind the email address can not be identified.
But establishing whether a company in Cayman will be subject to the provisions of GDPR is not as straightforward as simply performing an audit of clients to see if any are located in the EU.
According to SAR guidelines from the ICO, an individual should have the personal data held on them described, be told whether their personal data is being processes, be told why it's being processed, be told if that data is being sent anywhere else, and be given a copy the data and details of its sourcing. In fact, it seems Facebook is preparing to keep European data in Ireland and move everything else to the United States to avoid having to follow GDPR unnecessarily.
Facebook is now going through the worst user privacy crisis in its history.
So, if a company based in Cayman has any European Union customers or engages in direct marketing activity there which could collect personal information, they would need to comply with the European Union directive. For e-commerce companies, the toughest thing to control, are their software vendors, the data processors. Gaining consent and providing a dashboard for the ongoing management of this data is the optimal method of engaging customers easily. We've also explained your choices and the control you have over your information.
Consent is no longer static, so organisations need to provide options to make it is as easy to withdraw consent as it was to give it.
Twitter is public, so why are we talking about privacy?
Brands that rely on consumer data for market insight or revenue will need to establish a better deal for consumers in order to retain access to their data.
Meanwhile, one third of all respondents said that they are just over half way to compliance with the rules that come into effect on May 25.
This is perhaps one of the reasons why social media brands are less trusted than other services. This compares unfavourably with banks and credit card companies, who are trusted by 82% of United Kingdom consumers. Whatever sector they are in, companies can learn from this and look to harness the level of trust that's achieved by a more concrete and transparent relationship.
The certification we achieved, which lasts for three years, enables all Exponea customers to use the platform, safe in the knowledge that its omnichannel communications capabilities remain in full compliance.
That appears to include new rights afforded by the GDPR, including the idea of data portability and erasure. Is it still being used for the goal it was originally collected for?