PPB January 2018

any promotional product revenue initiated online, but does not include anymerchant- aided transactions fulfilled online. Therefore, online sales could be generated froma range of sources including desktop browsers, applications andmobile devices. Not surprisingly, 65 percent of distributors have mobile-friendly websites, as indicated in the 2015 PPAI Technology Study. Given the broad online footprint of the industry, companies that ignore the GDPR do so at their own risk. The GDPR isn’t a regulation that holds a single individual accountable, but one that could hold a company accountable for a single individual’s actions. Every company contact, both internal and external, needs to know about the GDPR, including staff, partners, third-party contractors and customers. Data privacy should be top of mind for every employee and should engender a greater sense of responsibility and accountability. • Employees should be trained on how to take notes and record information about customers, prospects and employees, as well as how to follow online security protocols, such as how to recognize phishing emails and the dangers of clicking on unrecognized email attachments. Companies need to ensure that their cloud providers implement technical and administrative controls to protect data. This is especially critical for those dealing with data originating in the EU, as EU authorities can assess every single data transfer if a privacy complaint is brought to their attention. Customers must also understand their rights under this legislation. Greater transparency will involve clearly communicating the purpose of collecting data and naming any third parties with whom the data will be shared. Prechecked-box opt-ins must be deactivated, and withdrawing consent must be easily facilitated. The GDPR will concern every channel through which data is collected, including websites, email or POS systems, as well as the repositories used to store data, including CRMs, cloud hosting providers and internal infrastructure. Each data point will need thorough monitoring to document where it is coming from, what it is being used for, where and how it is being stored, who is responsible for it and who has access to it. By engaging the peoplewho deal with these processes in a conversation about theGDPR andwhy it is important, companies will be better equipped to update processes with the necessary requirements to becomeGDPR compliant. Cyber insurance policies will likely begin to mimic the GDPR language. Thus, a violation of GDPR rules may result in a denial of coverage. Start Now No company that operates on a global footprint, whether directly or through an array of third parties, can afford to ignore or avoid preparation for the GDPR. For most, this is a critical time to reevaluate the people and processes related to data protection and build flexible solutions to meet today’s challenges to continue tomorrow’s growth. The bottom line is that the EU has set a new standard in data protection, and companies that embrace these new standards will be well prepared for the coming shift in expectations. For amore comprehensive look at the regulation, download the PPAI white paper at www.ppai.org/GDPR. This story has been prepared for informational purposes only and does not constitute legal advice. To learn more about the upcoming General Data Protection Regulation, consult your legal counsel or visit www.eugdpr.org . Moumita Das is the market research coordinator at PPAI. ACTIONS TO TAKE NOW 1 Consider what data you are collecting or processing from individuals located in the EU. 2 Update contracts with third- party vendors with whom you are collecting or sharing data on individuals. 3 If you work directly with consumers, review the current consent forms you use to collect data about them. 4 Consider more creative ways to display and describe your privacy practices (so they will be read), and provide mechanisms for users who want to opt out. Data Redefined | FEATURE The bottom line is that the EU has set a new standard in data protection, and companies that embrace these new standards will be well prepared for the coming shift in expectations. | JANUARY 2018 | 91