PRIVACY INSIGHT SERIES Winter / Spring 2018 Webinar Program
Marketing under the GDPR: What You Can and Cannot Do 17 January 2018
© 2018 TrustArc Inc Proprietary and Confidential Information
Today’s Speakers James Koons Senior Consultant, TrustArc
Darren Abernethy Senior Global Privacy Manager, TrustArc (Moderator)
2
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
Today’s Agenda • • • •
3
An Overview Data Statistics The GDPR’s Impact on Marketing Practical Tips for Marketers
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents © 2018 TrustArc Inc
PRIVACY INSIGHT SERIES Winter / Spring 2018 Webinar Program
A Quick Overview
4
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
Overview
Source: TrustArc/NCSA
5
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
Some Fast Facts on Data • 2.7 zettabytes of data exist in the digital universe today – one zettabyte is 931,322,574,615.48 GB • IDC estimates that by 2020, business transactions on the Internet - business-tobusiness and business-to-consumer – will reach 450 billion per day • Akamai analyzes 75 million events per day to better target advertisements • Data production will be 44 times greater in 2020 than it was in 2009
6
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents © 2018 TrustArc Inc
Overview
Source: Symantec 7
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
PRIVACY INSIGHT SERIES Winter / Spring 2018 Webinar Program
The Impact of the GDPR on Marketing
8
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
The Impact of the GDPR on Marketing
9
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
The Impact of the GDPR on Marketing
10
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
The Impact of the GDPR on Marketing
11
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
PRIVACY INSIGHT SERIES Winter / Spring 2018 Webinar Program
Practical Tips for Marketers
12
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
Collecting & Using Business Cards
13
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
Sharing Delegate Lists
14
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
Legitimate Interest and Recital 47
‌The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.
15
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
Legitimate Interest and Recital 47 Article 6(1): Processing shall be lawful only if and to the extent that at least one of the following applies: a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; c) processing is necessary for compliance with a legal obligation to which the controller is subject; d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
(continued) 16
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
Legitimate Interest and Recital 47 Article 6(1) (continued): Processing shall be lawful only if and to the extent that at least one of the following applies:
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. 17
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
Legitimate Interest and Recital 47 Recital 70 Where personal data are processed for the purposes of direct marketing, the data subject should have the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time and free of charge. That right should be explicitly brought to the attention of the data subject and presented clearly and separately from any other information.
18
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
19
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
Existing Contacts Database and Permission
20
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
Existing Contacts Database and Permission
21
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents Š 2018 TrustArc Inc
Possible Action Items & Technology Solutions • Mapping data flows — identifying and inventorying EU personal data • Revising privacy notices to meet heightened transparency requirements • Reviewing webforms and consent language/means — for central storage and audit trail purposes • Cookie consent solutions to capture end user preferences • DPIAs for new marketing initiatives that may involve high-risk processing • Automatable systems for managing individual rights requests across the org (Arts. 15-23) • Marketing vendors assessments and contract reviews for GDPR compliance • Certifications/compliance with 3rd party OBA practices and implementing AdChoices
22
Privacy Insight Series - trustarc.com/insightseries
#trustarcGDPRevents © 2018 TrustArc Inc
PRIVACY INSIGHT SERIES Winter / Spring 2018 Webinar Program
Questions?
23
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
PRIVACY INSIGHT SERIES Winter / Spring 2018 Webinar Program
Contacts James Koons Darren Abernethy
24
jkoons@trustarc.com dabernethy@trustarc.com
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
TrustArc - A Leader in the EU Consent Market Since 2012 • TrustArc has been an innovator and leader in EU consent since 2012 • EU Cookie Consent clients include large
• Cookie Consent Manager & Direct Marketing Consent Manager part of TrustArc Privacy Platform – designed to
and small companies across all
help companies comply with over 40
geographies and industries
Articles of the GDPR • Large and experienced team of TrustArc Technical Account Managers supports client implementations
© 2018 TrustArc Inc Proprietary and Confidential Information
PRIVACY INSIGHT SERIES Winter / Spring 2018 Webinar Program
Thank You! Register now for the next webinar in our 2018 Winter / Spring Webinar Series “Best Practices for Managing Individual Rights Under the GDPR” and is due to take place on February 14, 2018. See http://www.trustarc.com/insightseries for the 2018 Privacy Insight Series and past webinar recordings. 26
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information