By now you’ve surely heard about GDPR. It’s the Global Data Protection Regulation – and it impacts all businesses that sell globally and store information about individual consumers. The ramifications of this regulation are complex, and it’s not entirely clear to everyday marketers what some of the requirements mean, so Bernie asked Juliette Rizkallah, Chief Marketing Officer of SailPoint Technologies, to shed light on the topic in this episode.
In addition to her role as CMO at SailPoint, Juliette is a recognized identity and security expert, a Forbes Technology Council contributing writer, and a popular, sought-after speaker. On this episode, Juliette brings clarity to the GDPR topic for marketers struggling to understand it. Juliette has both a technical and pragmatic understanding of how GDPR affects the marketing organization.
You’ll want to listen to this episode in its entirety to understand how GDPR affects you and what you need to do to be in compliance – because not being in compliance can be very costly.
What’s the Cost of Non-Compliance With GDPR?
It’s easy to scoff at new regulations, especially measures as confusing as GDPR, but it’s not worth the risk to remain non-compliant. Any company found to be in violation of GDPR can be fined up to 20 million euros or 4% of total revenues for the company – whichever is higher. That is an unprecedented penalty that puts a powerful set of teeth into the legislation.
But GDPR is also sweeping in its scope. As Juliette says, “In the case of GDPR… it’s whatever a consumer decides that a corporation should be doing about their data, including their right to be forgotten. Because of that, it makes it very complex for companies to try to figure out how to manage compliance for it.”
Juliette’s insights are practical and helpful, based on her understanding of the regulation. Be sure to listen in order to understand what your company needs to do to become and remain compliant.
Your First GDPR Compliance Step: Take Inventory of Customer Data
During this episode, Juliette and Bernie both admit that companies based in the United States have historically been sloppy when it comes to the oversight of consumer data. But because of GDPR, those days are over. Companies that do not carefully manage and protect the personal data of citizens of the European Union can experience devastating losses if consumers complain and they are found to be in non-compliance.
Juliette says that the first step to becoming compliant is to take an inventory of all consumer data within your organization. You need to know where it is kept and where it came from, determine what protections you need to have around that data, develop a data management system, and develop a plan for the eventuality that you are asked to remove all information about specific individuals.
GDPR Gives Consumers The Right To Be Forgotten By Companies
As with any new regulation, GDPR contains verbiage that begs for clarification. For example, one of the provisions of the law is that consumers have the right to request that every bit of their personal data be removed from a company’s dataset, even if they have previously opted into that company’s communication channels. And the burden of proof that such actions have been complied with is on the vendor/company asked to delete the data.
That presents a problem: How can a company keep an accurate record that they’ve deleted all information about a particular consumer if all information about that consumer is supposed to be removed from their system? It’s a problem that will undoubtedly be ironed out over time, but until then marketing executives and legal departments are scrambling to protect their companies.
What Consumer Data Can Companies Provide To Vendors Under GDPR?
It’s probably clear to you by now that GDPR is not only far-reaching, it is also very difficult to apply with confidence. Juliette demonstrates this by pointing out that companies that work with vendors on behalf of their customers must, at times, share their customer data with those vendors. How is it going to be made clear exactly what data is being shared, by whom, and for what purposes? Will marketers and vendors need codified contracts in order to ensure consumer data is protected adequately? Will individual customers need to opt in to the sharing required between the company and their vendor?
Juliette has a number of very practical ideas about where to begin to assess your company’s ability to comply with GDPR. Listen to this episode and share it with your Chief Marketing Officer. Your company needs to know this information.
Featured on This Episode
- Juliette Rizkallah on LinkedIn
- Juliette on Twitter: @JulietteSultan
- SailPoint Technologies
- Juliette Rizkallah: Forbes Technology Council Contributor
Outline of This Episode
- [2:52] Who is Juliette and SailPoint Technologies?
- [3:40] What is GDPR (Global Data Protection Regulation)?
- [6:14] How do European-based rules like this impact U.S. companies?
- [8:07] Anyone who collects consumer information is in the crosshairs of GDPR
- [11:20] Juliette’s tips for where marketers should start to stay in compliance
- [19:56] How will marketing departments change because of GDPR?
- [24:09] Bernie’s summary of the issues discussed
- [29:09] Customer data shared with vendors has to be codified in contracts