GDPR fines skyrocket as regulators crack down on privacy violations
GDPR fines soared in the third quarter, highlighting the growing risk businesses face as European regulators scrutinize data privacy practices.
Data privacy compliance isn’t easy. Many large organizations still work to get it right, even after landmark regulations such as GDPR and CCPA have been in place for several years.
Consider the number of companies that were slapped with hefty fines in the past year for how they handled customer data:
- France fined Google Ireland $102 million, Facebook $68 million and Google’s YouTube $68 million for their cookie consent practices.
- In the U.S., Sephora settled with the state of California for $1.2 million under a complaint that claims it did not clearly allow consumers to opt-out of selling their personal information.
- South Korea fined Google $50 million and Meta $22 million for tracking consumers’ online behavior without their consent and the list goes on.
Today. the list of regulatory bodies in individual states and countries continues to grow. Regulations are forcing companies to ask for consent more frequently and for consent to things that organizations used to do in the background.
Organizations need to make data privacy compliance part of their digital strategy across all the markets they serve. Without compliance, they risk eroding customer trust, losing customers to competitors, and incurring stiff penalties.Boost your reputation with data privacy compliance
In business, there’s a perception that adhering to data privacy compliance regulations will limit delivering what the business needs. However, putting compliance into practice future proofs the business and builds a happier customer base while ultimately ensuring brands have a positive reputation.
If you don’t have compliance solved, how can you begin to actually use that data to improve customer experience?
Landing in the headlines for the wrong reason breakdowns consumer trust further. Merkle research done in 2022 revealed 46% of consumers believe brands know too much about them. So, how companies manage data compliance is essential to encouraging customers to share their information.
Data compliance: An ultimate guide to consent, privacy, and best practices
Data compliance encompasses the standards and regulations in place to ensure data is secure, protected from data theft, misuse, and loss. Here's a primer on getting started.
Managing consent in a global market
Today, compliance is an issue for every company on every digital platform that serves a market with privacy regulations, which can vary from location to location. This has been an advertising issue for many years with third-party data.
Designing a plan to manage consent and carrying it through to data activation can be difficult, as demonstrated by the massive fines this year. Users can also change their opt-in and opt-out preferences based on the device they are using, which can make managing the information confusing. You can learn more HERE.
In the US, compliance becomes even more complex as state-level legislation comes to life in 2023 and the years ahead.
Organizations that operate in multiple markets need to manage consent with a default approach when consent is not clear and use that to determine where and how data can be used for different marketing use cases.
Consent data management is essential to the future of business
Companies around the globe are beginning to see enforcement actions around data privacy laws. Learn how a consent data management mitigates regulatory risk.
Reviewing compliance practices
Many brands have treated consumers as if everyone will opt-in or lower a cookie banner and compliance won’t be an issue, but that’s not the case.
Legally, if there’s no confirmation of consent, that may mean there’s also no implied consent. Compliance and consumer privacy is a much broader issue than whether a brand received consent or not.
Forrester Privacy Analyst Stephanie Liu said there are four questions organizations should be asking themselves about their compliance practices:
- How are you asking for permission for data?
- Are you doing what you’re saying you’re doing with the data?
- Are you acting in the best interests of the consumer?
- Are you using the data ethically?
Real customers, engaged with your brand: Enter data authentication
In a cookieless future, data authentication is key to creating customer relationships and understanding the intent of collected data in downstream systems.
A holistic approach
Since users can change their preferences whenever they visit a site or app, organizations need to be able to recognize, manage, change and remember those preferences in real-time to remain compliant. That process would then have to update all downstream applications and systems.
The approach to consent needs to be handled holistically. Organizations that avoid operating in silos are the ones that avoid being in the news. They need to bring business and technology together to have compliance tied to their digital platforms correctly.
Other types of technology that are privacy focused may take the burden of information sharing off the consumer and create an environment where less personally identifiable information is required to achieve an organization’s goals, such as personalization and experience.
Meeting data compliance regulations takes people, process, and technology. Putting a solid baseline in place today will ensure organizations are able to stay in front of an ever-changing, complex landscape of privacy in the future.
