marketing under the gdpr: what you can and cannot do [webinar slides]
TRANSCRIPT
© 2018 TrustArc Inc Proprietary and Confidential Information
PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program
PRIVACY INSIGHT SERIES
Marketing under the GDPR:
What You Can and Cannot Do
17 January 2018
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Today’s Speakers
James Koons
Senior Consultant, TrustArc
Darren Abernethy
Senior Global Privacy Manager, TrustArc
(Moderator)
2
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Today’s Agenda
• An Overview
• Data Statistics
• The GDPR’s Impact on Marketing
• Practical Tips for Marketers
3
PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
A Quick Overview
4
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Overview
5
Source: TrustArc/NCSA
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Some Fast Facts on Data
• 2.7 zettabytes of data exist in the digital universe
today – one zettabyte is 931,322,574,615.48 GB
• IDC estimates that by 2020, business
transactions on the Internet - business-to-
business and business-to-consumer – will reach
450 billion per day
• Akamai analyzes 75 million events per day to
better target advertisements
• Data production will be 44 times greater in 2020
than it was in 2009
6
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Overview
7
Source: Symantec
PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
The Impact of the GDPR on
Marketing
8
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
The Impact of the GDPR on Marketing
9
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
The Impact of the GDPR on Marketing
10
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
The Impact of the GDPR on Marketing
11
PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
Practical Tips for Marketers
12
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Collecting & Using Business Cards
13
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Sharing Delegate Lists
14
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Legitimate Interest and Recital 47
…The processing of personal data for
direct marketing purposes may be
regarded as carried out for a legitimate
interest.
15
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Legitimate Interest and Recital 47
16
Article 6(1):
Processing shall be lawful only if and to the extent that at least
one of the following applies:
a) the data subject has given consent to the processing of his
or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to
which the data subject is party or in order to take steps at the
request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal
obligation to which the controller is subject; d) processing is necessary in order to protect the vital interests of the
data subject or of another natural person;
(continued)
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Legitimate Interest and Recital 47
17
Article 6(1) (continued):
Processing shall be lawful only if and to the extent that at least one
of the following applies:
e) processing is necessary for the performance of a task
carried out in the public interest or in the exercise of official
authority vested in the controller
f) processing is necessary for the purposes of the legitimate
interests pursued by the controller or by a third party, except
where such interests are overridden by the interests or
fundamental rights and freedoms of the data subject which
require protection of personal data, in particular where the
data subject is a child.
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Legitimate Interest and Recital 47
Recital 70
Where personal data are processed for the
purposes of direct marketing, the data subject
should have the right to object to such processing,
including profiling to the extent that it is related to
such direct marketing, whether with regard to initial
or further processing, at any time and free of
charge. That right should be explicitly brought to the
attention of the data subject and presented clearly
and separately from any other information.
18
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
19
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Existing Contacts Database and Permission
20
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Existing Contacts Database and Permission
21
#trustarcGDPRevents © 2018 TrustArc Inc Privacy Insight Series - trustarc.com/insightseries
Possible Action Items & Technology Solutions
22
• Mapping data flows — identifying and inventorying EU personal data
• Revising privacy notices to meet heightened transparency
requirements
• Reviewing webforms and consent language/means — for central
storage and audit trail purposes
• Cookie consent solutions to capture end user preferences
• DPIAs for new marketing initiatives that may involve high-risk
processing
• Automatable systems for managing individual rights requests across
the org (Arts. 15-23)
• Marketing vendors assessments and contract reviews for GDPR
compliance
• Certifications/compliance with 3rd party OBA practices and
implementing AdChoices
PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
Questions?
23
PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
Contacts
24
James Koons [email protected]
Darren Abernethy [email protected]
© 2018 TrustArc Inc Proprietary and Confidential Information
TrustArc - A Leader in the EU Consent Market Since 2012
• TrustArc has been an innovator and
leader in EU consent since 2012
• EU Cookie Consent clients include large
and small companies across all
geographies and industries
• Cookie Consent Manager & Direct
Marketing Consent Manager part of
TrustArc Privacy Platform – designed to
help companies comply with over 40
Articles of the GDPR
• Large and experienced team of TrustArc
Technical Account Managers supports
client implementations
PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program
#trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information
Thank You!
Register now for the next webinar in our 2018 Winter / Spring
Webinar Series “Best Practices for Managing Individual Rights
Under the GDPR” and is due to take place on February 14, 2018.
See http://www.trustarc.com/insightseries for the 2018
Privacy Insight Series and past webinar recordings.
26