How Evidon is Simplifying the GDPR’s Consent Requirement
July 11, 2017 – Mollie Panzner
Still trying to strategize for how to best manage against the potential for regulatory risks and brand damage that the GDPR will introduce?
If you’re like most, my guess is that you’re still trying to understand exactly what the EU’s Global Data Protection Regulation (GDPR) means for your business. While your privacy and legal teams are working overtime to ensure compliance obligations are met, and while your engineering team might be expanding as it works to build out appropriate mechanisms to allow for visibility into data streams, you’re probably still trying to strategize for how to best manage against the potential for regulatory risks and brand damage that the GDPR will introduce.
With the GDPR, the vulnerabilities of the online ecosystem are exposed more than ever. The industry’s reliance on an unreasonable level of opacity and often, unquantifiable risk/return, has made managing consent and data protection obligations tricky, at best. Enterprises are realizing that the urgency to adopt new technologies, and the mass consumption of user data, happened with minimal consideration of the risks that this type of data consumption represents.
While I’m not able to share with you the best, all-encompassing approach for compliance adherence – after all, Evidon is just one piece in the GDPR puzzle(!) – I can share with you how we are approaching GDPR compliance, through our transparency and consent platform.
The Problem Set:
- Global Impact: GDPR impacts all companies offering goods/services to EU citizens, and non-compliant businesses face $20+ million in fines or 4% of annual revenue.
- Detailed Visibility Into Data Collection Practices: Complete clarity is needed on what data is stored and how it’s used.
- Broader Definition of Personal Data: Any data related to an identified or identifiable person, direct or indirect, which also means that unique identifiers such as IP address and location may all be considered personal data!
- Offering Users Explicit Consent: Users must give explicit, informed consent for use of their data, as well as they must have control over and access to this data
Offering Users One Touchpoint for Consent is Key.
There’s no question of the value of data collection, both for businesses and for consumers. In fact, while countless industry reports tell us that users don’t believe their online privacy is respected enough by businesses, there is much research to the contrary. In this 2016 Adlucent study, it’s noted that “71% of respondents prefer ads tailored to interests and shopping habits.” Additionally, “44% of respondents were willing to give up information including name, address or email address in order to get more personalized advertising.”
So how do we ensure that users’ data can continue to be collected, but also that there is informed consent? Evidon’s belief is that if a website can illustrate for it’s users why data collection is valuable (for both the business and the consumer), and offer a simple approach for consent, the user is more inclined to allow it. Both can be accomplished through one, easy to understand, platform for user consent.
What GDPR-Friendly Consent and Control Looks Like to the User
The GDPR requires persistent control and accessibility to consent preferences. Here’s how Evidon can help your website to facilitate this:
⏨ Requirement: 3rd Party Visibility and Consent
✓ Solution: Evidon (Notice)
⏨ Requirement: 1st Party “Data Rights” Request
✓ Solution: Evidon (Notice)
⏨ Requirement: 1st Party Visibility and Consent
✓ Solution: Enterprise Partnership or In-House Solution (via Evidon Notice)
⏨ Requirement: Sustained Consent Accessibility
✓ Solution: Evidon (Banner and Optional Button or Link)
The GDPR is also a great starting point for businesses to enhance their digital governance strategy, and to advocate for greater discipline with regard to internal user data management. In fact, Evidon has incorporated various pieces of our toolset (digital profiling assessments, mobile scanning, 1st party technology integrations) into the plans we are helping enterprises to implement in order to prepare for the upcoming regulations.
If you’d like to better understand how your business can work with Evidon to ensure appropriate consent disclosures for 1st and 3rd party data collection, feel free to email me (mollie at evidon dot com). You can also learn more about Evidon products by visiting Evidon.com and following us on Twitter at @Evidon.
Mollie is the Senior Director of Product Strategy at Evidon, and a subject matter expert on digital governance and vendor analysis.