The General Data Protection Regulation (GDPR) will go into enforcement on May 25, 2018. At Epsilon and Conversant, May 25th is not the end date of compliance efforts; it is simply one marker in our overall compliance work. Data protection in general remains at the forefront of Epsilon and Conversant's operations.
The five major pieces Epsilon and Conversant are implementing to ensure privacy and security remain key areas of focus are:
1) Privacy Steward Role. Each of Epsilon and Conversant’s customized solutions and major platforms will have a Privacy Steward. Each individual is tasked with highlighting changes to the platform or individual client accounts that could be impacted by GDPR. For instance, if a new contractor is hired to analyze or support a brand client’s personal data, the Privacy Steward would be involved not only in selection of the vendor but also ensuring privacy-related protocol is followed throughout the contractual obligation. They are also charged with ensuring that vendors go through our existing due diligence process.
Through specialized trainings for Privacy Stewards, these individuals can spot any potential compliance issues and flag them with the GDPR team for further review of privacy, legal or security issues.
2) Annual data inventory/data mapping review. Epsilon and Conversant will conduct a review of data inventory and maps on a yearly basis with the technology, business, security and privacy teams to ensure GDPR compliance.
3) Privacy and Security by Design. The privacy and security teams will continue to be brought into initial discussions and reviews of new products and services (before their launch) to ensure GDPR compliance. The Chief Privacy Officer will continue to sit in on major discussions on service changes or updates.
4) Continuing to innovate and integrate. Epsilon and Conversant will continue to review and enhance their compliance programs, with a goal of having privacy and security considerations woven into every part of the business. This may mean creating innovative ways to be more transparent with their data collection and use. Deep knowledge of GDPR requirements and processes in all parts of the organization will provide a more seamless, simplified approach to client operations.
5) Global informational roadshow. The GDPR cross-functional team will also be rolling out an internal roadshow across the United States and Europe starting in late May 2018. This series will ensure associates in all functions – from client services to solution architects to project delivery – understand Epsilon and Conversant's responsibilities under GDPR and have the proper tools, contacts and information regarding privacy and security considerations going forward. While GDPR has understandably resulted in some disruption for current clients due to new requirements, Epsilon and Conversant want to be prepared and knowledgeable for future clients, ensuring as little inconsistency as possible. The roadshow will allow internal associates to ask questions, understand how to speak to consumers and clients about GDPR and ingrain the correct processes through every part of operations.
Data protection principles are one of the most important pieces of Epsilon and Conversant’s business. Epsilon and Conversant’s business teams, engineers and associates will all play a part in compliance, recognizing that data protection and security is a collective responsibility. By ensuring that GDPR requirements are operationalized, there will be a consistent approach and response for clients and consumers going forward.
This post originally appeared on Epsilon's "A Brand New View."