The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It has implications for any business who has any dealings with, and retains any personal information on residents of the EU or Switzerland.
Our team has been working on making sure we are GDPR compliant by the due date of May 25, 2018. As part of our preparation process we reviewed the privacy policies of competitors, peers and the industry behemoths to get a perspective on how others have approached GDPR. The research was illuminating to say the least. The legal teams of our surveyed companies presented their companies’ work products and audience in very different and earthbound terms, versus the respective representations of the sales teams.
Instead of sending out RFI’s (Requests for information), perhaps you could just review your vendors’ privacy policies to gauge their capabilities. The legal perspective is likely the truest presentation of the business’ strengths.
So here is our slightly tongue-in-cheek three point checklist. If your vendor answers no to any, there may be rot under the carpet. Buyer beware.
This isn’t a cosmetic update. It’s mandated even by California’s Shine the Light Law.
2. When was the policy last updated? Is there a reference to GDPR?
This isn’t hyperbole. GDPR is a big deal. The penalty of non-compliance is 4% of global revenues or $50M, whichever is higher. Besides that, it is just good business sense. Over the last 12 months we’ve seen the fortunes of companies like Equifax, Facebook, Yahoo take a hit over data ownership and security concerns. So if the vendor has content from early 2017, there’s a likelihood someone’s asleep at the wheel. It suggests weak processes and poor adherence to policy. Buyer beware.
3. Does the word “Aggregate” appear conspicuously anywhere?
Here’s a tell-tale clause
The results of our services are delivered solely to our Clients in aggregated form
What this means is that the vendor does not have the capability to share raw data with their clients, ie. you. So you cannot independently verify the reports they are sharing.
Why does this matter? Because you have no independent way of reviewing the findings. Spiffy graphs do not mean anything if they are not grounded in reality. So even if the vendor sends a report saying it’s driven by Artificial Intelligence or the real intelligence of several PhD’s working overtime, ask them a simple question – can you frame their findings around the shopping paths of an individual or a cohort of your choosing? That’s the granularity you should expect.
Analytics is only as good as the data that goes into the system. If the vendor is not sharing the data, they likely do not have any first-party data to share. And Google analytics does not count. That’s aggregate data with limited visibility on the 10% of the web traffic that purchased something.
Data’s the new oil. Protect it.
To us at Infernotions Technologies (parent company of Polytab Analytics), data is our bread and butter. We take data very seriously and this precedes the recent awareness on data privacy issues with the Facebook hearings and the upcoming GDPR compliance date. More than a checklist, this is part of our DNA – and fundamental to the engineering framework to our solutions suite.
We are able to deliver deeper insights and granular data on the shopper across all his/her touches because these are data we capture and manage in-house (as opposed to relying on Google analytics for aggregated data reports).
To learn more about how to leverage data for running your business and the Polytab analytics’ suite contact me via the link below to set up a demo