return Home

GDPR spotlight: GDPR - a checklist for publishers

The European Union’s new General Data Protection Regulation (GDPR) that comes into effect on 25 May will redefine the online relationship between publishers and consumers. If companies have not already taken the steps outlined below, it might be too late but this checklist could be handy to see how compliant you already are.

 

GDPR header ()

 

One of the most important principles within GDPR is the notion of accountability. Any company which stores or processes consumer data must be able to demonstrate how they comply with the principles.

To this end publishers need to be able to answer the following six questions:

  1. Can we show how our data will be used and what it will be used for?

  2. Can we prove that the data collected is used only for the purposes explicitly specified at the time of collection?

  3. Can we limit our data collection to specifically what is necessary to serve the purpose for which it is collected?

  4. Can we prove that the data is accurate?

  5. Can we store the data only as long as necessary for its intended purpose?; and

  6. Can we prove that we can prevent the data from being used by unauthorised parties and/or accidental loss by deploying appropriate security measures?

In short, GDPR requires an extra level of accountability and places the responsibility firmly with the publisher to be able to demonstrate how compliance with GDPR principles is being managed and tracked. Maintaining records of how and why personal data was collected as well as the documentation of the processes are therefore vital.  

 

Explicit consent

Consent to collect and process personal data is the first step. Publishers need to ensure that they:

  1. Ask consent before they start processing any person's personal information;

  2. Have explained their data privacy policy in clear and understandable terms;

  3. Made it just as easy for a person to withdraw consent as it was to give it;

  4. Verified the age of minors and ask consent from their legal guardian; and

  5. Inform consumers every time you update your data privacy policy.

In short, the principle of explicit consent to collect and process data is based on an unequivocal decision by the consumer only after you as publisher have informed him or her of the exact purpose of data use.

 

Accountability

To adhere to the extra level of accountability, publishers should also already have:

  1. Appointed a senior member of staff to set up a compliance map and drive responsibility for GDPR compliance (this function can also be outsourced, but accountability cannot);

  2. Updated all contracts and data protection policies within your business;

  3. Ensured that vendors who process personal data on your behalf have already updated data protection policies and contracts and/or set up compliant contracts with any data processors that you share data with;

  4. Implemented improved IT procedures and security; and

  5. Put in place a system to regularly review data protection policies to be able to implement changes and effectiveness, as well as be ready to handle changes to the state of affairs of other countries your data might flow to.

 

The rights of consumers

GDPR hands a fresh set of rights to consumers. To comply with these rights, publishers must:

  1. Have the ability to efficiently supply information about personal data if requested (by the policy makers or individual consumers);

  2. Have a system which will allow consumers to easily update their own personal information and keep it accurate;

  3. Be able to automatically delete personal data when you are no longer using it or need it for the purposes you have stipulated;

  4. Be able to immediately delete personal data when requested;

  5. Be able to immediately stop processing data from individual consumers or sets of consumers when requested;

  6. Be able to deliver data to a consumer or third party when legally requested;

  7. Be able to cease profiling or automated decision making when objected to by a consumer or group of consumers; and

  8. Report data breaches involving personal data to the local authority and to the consumer affected within 72 hours.

 

Value exchange

Because it is expected that these rules will impact effective business operations and influence revenue streams, forward-thinking publishers should also:

  1. Explain to consumers how opting in to data sharing can improve personalised publishing products. It needs to be clear what the value exchange of sharing data will hold for them;

  2. Create awareness among decision makers about the impact of GDPR guidelines;

  3. Train staff to be aware of data protection and the potential ramifications of GDPR on business practices and profitability;

  4. Brainstorm new marketing strategies;

  5. Inform consumers about GDPR, its possible effects and how you as publisher are planning to comply; and

  6. Renew and change products where necessary.

 

Some other considerations:

  1. If your business operates from outside the EU, you should at the very least have appointed a representative within the EU. 

  2. You should only transfer data outside of the EU to countries that offer an appropriate level of protection.

  3. For UK based publishers data protection standards will remain the same after the UK leaves the EU. The Data Protection Bill and the European Union (Withdrawal) Bill will apply GDPR directly into UK law, with only very minor changes expected. 

What can possibly go wrong? While fines of up to €20 million (US$23.9m) or four per cent of annual global sales can be levied for noncompliance, losing audience data and digital revenues for not having a GDPR strategy in place could prove even worse.

***Get stories like these delivered to your inbox every week. Subscribe to our free FIPP World newsletter.***

 

More like this

How the EU’s new ePrivacy regulations could profoundly impact all media

ePrivacy: A loss of more than 30 per cent in digital advertising sales for journalistic media

Media Voices podcast: New Scientist's head of data science Kimberly Karman on paywalls, GDPR and best practice

Chart of the week: Are you prepping for GDPR?

The GDPR makes native advertising even more important

  • Finding a home at Penske Media, Rolling Stone 'poised to continue to tell world's most important stories... for decades to come'

    For over 50 years, Rolling Stone has been iconic in its coverage of music and popular culture, political journalism and commentary. From the Beatles' Magical Mystery tour to Shawn Mendes, Rolling Stone has covered the greatest rockstars, the hottest celebrities, the biggest political stories. Called a 'counterculture bible' by The New York Times, the magazine has launched careers, defined what was cool, inspired a rock song, been embroiled in controversy, and over the last two years, found a new home with Penske Media Corporation. 

    17th Jun 2019 Features
  • How to fix broken digital ad models

    Despite popular belief, subscriptions and paywalls will not be the silver bullet most digital publishers have been waiting for. Instead, publishers should be exploring innovation in digital advertising formats, said Jessica Rovello, co-founder and CEO, Arkadium, USA, at this year's Digital Innovators' Summit in Berlin. She proposed four new formats as a good place to start.

    17th Jun 2019 Features
  • Four Meredith brands on why magazine media are focusing on social good

    Magazine media have long put energy and resources into efforts that are bigger than their brands, into socially and environmentally responsible events and campaigns. Companies are balancing making a profit with being responsible to the planet and the communities that they operate in.

    24th Jun 2019 Features
  • The real reason why newspapers are losing to Facebook

    There’s a major problem facing communities everywhere — local news is losing the competition for advertisers to the duopoly (Facebook and Google). These two firms account for around 70 per cent of all digital ad spending globally, which has forced closures and cutbacks and severely threatened the future of journalism.

    20th Jun 2019 Opinion
  • How The Economist successfully engages younger readers

    Last year, The Economist launched an essay contest for readers aged 16-25, in attempt to engage younger readers, that was so wildly successful, they're doing it again. 

    25th Jun 2019 Features
Go to Full Site