The deadline for General Data Protection Regulation (GDPR) will be here in just a few days. By now everyone is familiar with how GDPR’s regulations are going to impact them, but what many may not realize is how much of the burden will be put on publishers.
Here are a few things that have publishers concerned.
Navigating “The Right to Be Forgotten”
A huge GDPR challenge publishers are facing is a user’s “right to be forgotten.” When a user wants all of their data deleted, it will be up to the publisher to go about wiping that data. The breadth of data coupled with how it can be shared across multiple platforms makes this extremely time-consuming and cumbersome.
Let’s say you’re a family of four who share the same IP address. One day mom decides she wants her data deleted from the home IP address. Well, you can’t exactly extract her data and delete it, you need to wipe the entire IP address.
That’s just one example of navigating the “right to be forgotten.” What about businesses with dozens of employees who share the same IP address? Or the murky ethics of an individual with a criminal past (unbeknownst to the publisher) wanting their data wiped to evade prosecution? Publishers no doubt will have their hands full.
Getting User Consent
Another equally daunting challenge for publishers is getting user consent. To ensure consumers’ data privacy is intact, publishers are being required to handle the bulk of obtaining user consent. This not only includes new users, but existing users as well. And if Google gets their way, publishers will also be responsible for getting user consent from third-parties including websites and apps that use Google’s ad technology.
No wonder publishers are freaking out. That’s a lot of data to comb through, and let’s be honest, most users don’t want their privacy violated. Plus, once a person decides they want to “be deleted,” deletion must be done immediately. And to add insult to injury, publishers are looking at losing a significant chunk of their current subscriber lists, too.
Creating New Roles
Related Post: 5 Digital Marketing Compliance Rules Your Need to Know
A common new role for publishers will be installing Data Protection Officers or Data Protection Czars to handle the auditing and validating of contracts to ensure compliancy. Whoever fills that role will need to be solely dedicated to enforcing GDPR and everything that falls under the fine print. They can’t have any conflicts of interest, which will eliminate the option of assigning those duties to an existing employee.
Paying Large Fines
The fines and penalties for violating GDPR are harsh! Just one violation can range from a minimum of $10 million (2% of a company’s annual revenue) to a maximum of $20 million (4% of a company’s annual revenue).
Related Post: 3 Ways to Keep Your Sponsored Content FTC Compliant
Now imagine all of the liabilities publishers are facing: user consent, right to be forgotten, their clients’ privacy, Google’s clients privacy, third-party privacy, the list goes on. Failure to comply, or data leaks could have publishers in the hole for millions of dollars in fines and penalties.
Buckle Up, It’s About to Get Bumpy
Change is upon us, and as much as publishers want to turn back the clock, they can’t go back in time. The best publishers can do now is buckle up and get ready because it’s going to be a bumpy ride.
Source: Andy Whyte