GDPR AND WHAT TO DO?
This is what Wikipedia tells us:
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Unlike a directive, it does not require national governments to pass any enabling legislation and so it is directly binding and applicable.
This sounds both difficult (and fun), right? But what is the Dekode view on this? I had a quick chat with our CEO Rune Yndestad Møller, developer Bjørn Johansen and HR Operations Manager Hillevi Røstad to find out more.
Q: Ok people … GDPR is coming! What to do before the enforcement date: 25 May 2018?
Rune: First of all I just want to say that Dekode is applauding this, and we think it is a good thing for the citizens in the EU. Individuals gain more control over their own data and decide what they want to share. Personally I think this is moving in the right direction, unlike what is happening in the US, where data is becoming more and more big business. The GDPR moves the balance of power slightly back to the consumer.
Q: So, what do we tell our clients now?
Hillevi: We haven’t got that many inquiries from our customers yet. But they should take this seriously, of course. Time is slowly running out, and the sooner they get in touch, the better.
Rune: It is our clients that hold the strongest legal competence inside their own company that are the ones in front on this matter. We have a close dialogue, exchanging forms and so on. I feel that there is a great awareness about this, but still there probably are a few unanswered questions. What does this mean in practice? How will this affect our business? But all in all people should just sit down together and take care of it, it is not rocket science, but it may change the structure in some companies.
Bjørn: I believe that people need to start thinking differently, especially within marketing. This could be a fundamental change in the way some marketers work. Not so long ago the marketing-mantra was that everything had to be tracked all the time, no matter what, if you don’t track your customers you will fail, and big companies having a bunch of people just following leads from websites and making cold calls minutes after you had been on a website. That belongs to the past now. Change is coming with the GDPR.
Q: And that is a wonderful thing, right?
Bjørn: I think this is great. You wouldn’t believe how many privacy blockers and anonymity-stuff I have installed on my computer. After a while I got so many warnings I had to disable all the notifications from them. It became unbearable.
Rune: But who are the worst in tracking and gathering data?
Bjørn: The most innocent e-commerce sites or small webshops are sometimes the worst, companies just selling things on the Internet. They have done it all and done it “right”. With three or four different programs for analyzing, HotJar, Crazy Egg, Facebook Pixel, DoubleClick ads and the list goes on and on. They have to re-think and re-organize, but I am not saying all data collection is a bad thing, sometimes this can be helpful for both consumer and company. If you are looking for clothes for your 8-year-old son, you want to have easy access to that when browsing the web shop, and you don’t need pink ballerina tutus, or maybe you do. And that is okay of course, but you get my point.
Hillevi: For our clients and where we probably have to do most of our job is with the consent forms. A quick, but necessary fix. They have to make sure they gather only the data they have a right to.
Rune: I agree. There is some work that has to be done with the forms and to formulate them. We can help our clients with the forms, but we are not responsible if a client sends out spam to their customers. We have to make our clients compliant with the system they get from us.
Bjørn: It is also important to remember that you now also have the right to withdraw your consent, as a customer and individual. As a company you have to deal with that too.
Q: What do we do internally at Dekode?
Hillevi: Internally we have to do our mapping properly.
Rune: As a company we have to be compliant too, of course, but also help our clients with their needs. But we can only do so in the solution we have delivered.
Bjørn: The first thing we did here was to sit down with an Excel sheet and write down all the different systems we used. I think we had forty different systems altogether.
It really isn’t too difficult. It just has to be done.
Hillevi: But to make this a bit clearer… First things first. What you should do is:
- Map the data you have stored
- Ask yourself do we really need this data
- Why do we need it?
- Who has access to the data and for how long
- Keep it simple
- Contact us if you need help
Bjørn: Documentation is key here. You need to have documentation on when and what and where regarding the data you have collected. Some data you have a legal right to store, for things like accounting. That being said, the consent forms will help you with that issue, but first you have to create the forms.
Rune: I agree. This is important and has to be done, but it is not that difficult really.
For some this might affect their business model and they have to adapt in different ways, but most importantly this just needs to be taken care of.
Bjørn: For us it is quite simple actually. We use one system, and one system only. WordPress. We can help you with that.