All media organizations with any audience presence in the EU will be heavily influenced by the GDPR requirements, and implementing new standards with no prior precedent to follow can be extremely difficult.
During our live webinar EU GDPR: What Media Organizations Need to Know, key industry leaders discussed how to approach the upcoming GDPR regulations. Morgane Van Ermengem, legal officer for theJurists London, walked viewers through the ins and outs of the new regulation, and Deborah Henderson, president of DAHenderson Consulting Ltd. and a member of DAMA International, explained how GDPR will impact media organizations internally and externally.
Morgane Van Ermengem
Morgane Van Ermengem heads the London branch of theJurists, a contemporary legal boutique office and pioneer in digital law. Her main areas of expertise include data protection and privacy law, intellectual property law and contract law.
Deborah Henderson, B.Sc., MLS, PMP, CDMP, CDP, has over 30 years in data and information management, consulting to many sectors across North America, and coordinating experts across the globe in best community practices in IT.
GDPR applies to all personal user data, so media organizations need to understand the meaning of both collecting and processing personal data. During the webinar, Morgane addressed both of these important topics.
New obligations under GDPR include the implementation of a data protection officer (DPO) and the required notification of any data breach. Any data subject, or rather, user, has the following rights:
- Right to information
- Right to access
- Right to ratification
- Right to object
- Right to be forgotten
To learn more about the importance of having a DPO and more on user’s rights, watch the full webinar here.
Deborah Henderson, who has more than 30 years of data management experience, led a comprehensive overview of GDPR’s impact on data. Media companies fill the role of data controllers, which means the implementation of GDPR requirements will be an ongoing cultural shift. She recommended companies conduct a current state assessment to better understand what changes need to be made in order to be GDPR-compliant.
Additionally, there are different types of data that are now protected under GDPR—personally identifiable information (PII) and sensitive personal information (SPI). Protecting PII and SPI provides different operational challenges depending on the perspective.
From a customer perspective, media organizations must incorporate a way to answer customer questions regarding data From an IT perspective, some form of “gate” (or protective measure that flags when data is being used and requires permissions for access) must be implemented for projects that use data.
For more expertise from Deborah, tune into the webinar on demand here.
Under GDPR regulations surrounding the “right to be forgotten”, the importance of a user not only visiting your site, but actively and repeatedly returning for your content (as opposed to leveraging their right to be forgotten) has never been higher. So how can a media organization ensure they are a constant resource for their audiences?
Viafoura, as a data processor, will proactively monitor and make adjustments to comply with GDPR. From amending its master service agreements and conducting periodic compliance checks, to providing API endpoints to consent and profile deletion capabilities.