Convert’s GDPR Compliance Journey: The Prep to May 25th (And How You Can Still Get on the Right Side of GDPR)
July 10, 2019 –
I was not around when the GDPR frenzy peaked.
But I have heard stories – hilarious and stressful – of the scramble to put together re-permissioning drives which would not make our customers tear their hair out, and the long sprints of revamps on our app to incorporate the “privacy by design” vision we had for Convert Experiences.
And I can definitely say that the hard work, and diligence that went into embracing the General Data Protection Regulation has paid off for us as a brand and a company.
I have seen very few voices talk about regulations as an opportunity. But Dionysia Kontotasiou – the Head of Privacy at Convert – has always held the belief that cleaner data, more consent focused campaigns and ultimately processing what is needed and not bombarding prospect inboxes is not just the ethical high road, but also a wise business decision.
So now a full year and month after the GDPR tidal wave broke, I interviewed Dionysia about the impact of the change on us (and on the optimization landscape in general).
Plus, we also put together 11 powerful steps – basically the gist of the most important action items we executed – that can still point your compliance in the right direction.
Because it is never too late to Get-Down-with-GDPR!
PS: I fully believe GDPR is going to become a verb like “google” in the recent future. So when you get GDPRd… you basically are hit over the head with something inconvenient, which could have been avoided.
Don’t get GDPRd!!
Enjoy the Q and A.
Q: What is the biggest gift GDPR has given us?
A: (Dionysia) – Getting privacy right is a competitive advantage. We’re more likely to trust a service provider who values our privacy (beyond mere legal compliance) and is transparent about how our data is used. The GDPR requirements opened the door for us to review policies about what we tell customers regarding how their data is collected and processed. This transparency led to deeper trust and more loyal customers. We are very glad to see Convert being mentioned alongside GDPR on forums, and on tool round-ups.
GDPR and transparency has become an essential aspect of the narrative that influences optimizers to choose us, over competitors.
Is it stressful to continuously be on the forefront of something as sensitive and subjective as privacy – YES. But it is worth the input.
Q: Was there a particular area that was reviewed in the prep to GDPR which in your opinion was overdue for Convert?
A: (Dionysia). I would not say overdue… but data strategy was something I personally took a lot of satisfaction in rehauling.
Personal data protection is now a data strategy issue. To comply, we needed to have solid data management and data governance policies in place.
GDPR gave us the opportunity to holistically reassess these policies – for all our data, not just personal data. This was a valuable undertaking and a way to gain business benefits from an expensive and extensive legal compliance project.
Q: You talk about actual savings from the GDPR! Could you touch on how that came about?
A: (Dionysia). Of course.
With GDPR, data became more consolidated and accurate. Redundant, Obsolete, Trivial Data is now promptly eliminated. Additionally, given the requirement to receive explicit consent before use, and the need to delete data after the retention time is up or purpose is met, we regularly save money with our cloud providers.
Another side of accurate data maintenance and customer consent was the opportunity to reduce IT costs further by retiring any legacy data software and/or applications that are no longer relevant nor compliant.
Q: What is your advice for the businesses out there on the journey to privacy compliance?
A: I have narrowed down the almost 1000 hours we invested in the GDPR project to 11 essential steps that should not be avoided.
Here is a quick infographic because you told me no one reads text anymore. 🙂