There is much talk right now across many industry verticals, from Financial Services and Fintech to Transport and Retail, about the General Data Protection Regulation (GDPR).
Many articles reference the significant fines of 4% of annual global turnover or €20 million, whichever is greater. Lots of references are being made to Customer Consent, The Right to Be Forgotten and Personal Information Data Security.
Beyond the fines and the buzzwords, what does GDPR mean for companies operating across the EU Member States? How can platforms like Xtremepush help get your house in order and thrive in this new environment?
For completeness I will first give a concise overview of GDPR and its implications, and then a high-level path to guide you through the challenges that it presents. It is worth noting that the legislation remains somewhat fluid at present until final transposition, and there are a number of points of ambiguity. That said, the key principles of the legislation are clear.
The GDPR legislates for the use of mobile devices, cloud-based solutions and data centers, and for the encryption of the data involved. The GDPR is about the protection of Personally Identifiable Information (PII) and will be introduced unilaterally across all EU Member States in May 2018. It is important to note that the GDPR also applies to data controllers and processors outside of the EU who offer products and services to EU residents, irrespective of whether or not data processing occurs in the EU.
Despite Brexit, GDPR will continue to apply to the UK.
Under the legislation, Data Processors are for the first time legally bound to comply with data protection requirements and direct enforcement by regulatory authorities that previously applied only to Data Controllers.
Key Principles of the GDPR
- Personal Information Data and Security
- Privacy By Design
- Obligations of Data Controllers/Data Processors
- Customer Consent
- Right to Be Forgotten
- Reporting, breach notification, and fines
- Potential requirement for a Data Protection Officer (DPO)
I’ll briefly explain the implications of each of these below:
Xtremepush can help with your GDPR Compliance requirements
Here at Xtremepush, data is right at the core of our business. We have developed a powerful platform which in itself addresses key GDPR compliance requirements, including a new module specifically for Customer Consent Management and Customer Data Management in the broader sense.
Our platform includes:
- Enterprise Grade security controls (passed multiple bank security tests)
- A Customer Consent module that enables real-time exclusion of Customer data across multiple channels, and an ability to manage Customer Consent not just at an individual level but also at a segment or group level if required.
- The platform has an inbuilt Real-Time Auditing Capability to report on Consent and PII data protection components.
- The right to be forgotten is enabled through the Customer Consent Management Module.
- Our Agile Platform (cloud or on premise) has been built with data protection and privacy rights at its core by design.
The architecture, controls and real-time auditing capabilities ensure that Xtremepush are perfectly positioned to manage your GDPR data protection, consent and right to be forgotten requirements, via a powerful, secure and resilient platform.
This is the first of a number of Xtremepush articles on GDPR. Over the next few weeks, we will publish further articles regarding GDPR, including updates on the GDPR legislation, the global impact of GDPR, use cases across a number of industries, and more details on how Xtremepush “Customer Consent Management” and “Customer Data Management” modules can help your business.