GDPR – Are your tech platforms secured for first contact?

Technologists, marketers and business leaders should be well aware of the upcoming regulation that will soon dramatically change the way organisations managing customer data operate.

This means, in effect, just about every organisation doing business in the European Union should be well on their way to at least minimum compliance, if not a full embrace of the new customer-centric mode of business that the General Data Protection Regulation (GDPR) represents.

For the technologists of the business, the picture is clear. It’s the IT team under the overall direction of the technology decision makers that must ensure that all data collection, processing, and management takes place in accordance with the new regulations.

>See also: GDPR: the good, the not so bad and the opportunities

There’s no need to go into great detail into those regulations here, but a quick recap of the major points, and why it’s important to take it seriously, include:

• The new and improved rights for consumers
• Need for a data protection officer (DPO)
• Enhanced obligations on data processors
• It’s backed up with teeth

‘Piggybacking’ – what does this mean for business technology?

From the get-go, or first contact with a customer, everything about data collection changes. For most brands, this is the website. Right now, research shows that confusion still reigns around accountability for GDPR compliance.

Businesses have a legal requirement to ensure clear communication of the processes and parameters for data use, across all digital channels regardless of who runs them. Yet despite this, 46% of UK marketers believe their company isn’t responsible for data collection across all digital properties.

For the website, one of the biggest challenges in this area is getting visibility of which third parties are ‘tag piggybacking’ on web pages. What lies beneath a seemingly simple website is often a complex web of unauthorised and even unknown JavaScript tags that piggyback off one another and cause compliance nightmares, each collecting visitor data and sharing it with the technology providers for every digital element of the page.

>See also: The winding road to GDPR compliance

Given that a major part of the spirit and letter of GDPR is that informed consent must be provided before data may be collected and used, it becomes totally unacceptable that customer privacy is being flouted as a general part of using the web. This has to change for the 25th May, or else firms will be in breach of the regulation – even without using that customer data themselves!

Only tech can stop data leakage

As well as a blanket ban on the piggybacking of unauthorised tags (likely best controlled through real-time whitelist and blacklist control in the browser), ensuring enforcement of data collection consent over all tags and website functionality is key.

This can only be driven by personalised 1:1 privacy consent for all web visitors. The most elegant solution may be for most organisations to deliver customer consent overlays directly onto web pages. This gives visitors a positive experience with respect to consent communications – and simplified control over data collection by various marketing technologies. Given the global reach of the web, being able to easily customise privacy choices to match all local languages will be a crucial element that may play a big impact in the way customers respond to their new rights.

Only tech can engender trust

It comes down to the technology platform to create the brand trust consumers will become increasingly aware of as brands shoulder greater responsibilities in protecting personally identifiable information. Additionally, it falls to the tech team to manage the process of visitor audit trails, which must be made available upon regulatory request.

>See also: GDPR – a real opportunity to better understand your data

All sites will require a consent manager so that visitors may directly view, change and withdraw consent for various data uses at any time. These will need to be connected to all the different technologies and third party suppliers that manage the various web operations a site requires.

It’s the tech team who are now on the front line, with the website the first engagement between the ideals of the GDPR, and the reality of customer interactions. But to pull this off they’ll need to work with the marketing team – because the great majority of tags on the website are there to service the marketing team’s needs.

It’s a chance to cross siloes and create a smooth process to get the whole company prepared for the changes ahead.


Sourced by Ian Woolley, chief revenue officer, Ensighten

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics