Most businesses react nervously when they hear the letters “GDPR,” as in their view the regulation gets in the way of performing their day-to-day work, particularly marketing. At the same time, many businesses get lost in the tangle of regulations they are supposed to follow if they wish to lawfully direct marketing communications to individuals. What issues cause them the most difficulty?
Designing marketing initiatives in an organisation so they comply with the regulations, including data protection rules, can be problematic. The situation becomes even more complicated if marketing for several companies within a group is carried out by one of the companies, designated through informal internal arrangements (often without concluding any contracts).
Ensuring the transparency of websites is vital from the perspective of the GDPR. Persons entering a website must be aware of how their personal data will be processed on the site and for what purpose.
A key element of the proposed new Public Procurement Law is to regulate the protection of personal data collected in the course of procurement procedures. Significant exceptions from the general rules of the GDPR are planned. What should they consist of?
When hackers exploited vulnerability due to software not being updated at a US credit agency, important data of millions of customers in the US, Canada, and the UK were leaked. The US federal authorities have launched an investigation that could lead to millions in fines. Bosses at the firm were questioned in a congressional hearing and the agency is facing the largest class action in US history. This sounds like the plot of a financial thriller, but the Equifax case did in fact happen and is a lesson for the future.