When the General Data Protection Regulation (GDPR) became enforceable earlier this year, it quickly rose to the top of “the worry list” kept by top executives of companies that interact with EU customers or visitors. The stringent penalties for improperly keeping or handling the personal data of EU citizens can cost as much as 20 million euros or four percent of the organization’s worldwide revenue, whichever is greater. This caught everyone’s attention. Four percent of revenue is serious enough to wake up even the largest enterprises that might otherwise consider compliance penalties less than rounding noise on income statements.
Even though many companies waited until what seemed the last minute, there was a flurry of activity to ensure that apps, email and other corporate systems were in compliance with the regulation. But what about your website? Is it in compliance with the GDPR and other regulations? What is your level of certainty?
If your site participates in digital advertising, particularly programmatic, or features content from other sources, there is a good chance you have allowed a blind spot to exist. Digital advertising and content from other sources generally work by placing third-party code and calls into the code that runs your own website. This third-party code and these calls are opaque to you. It is difficult for you to know exactly what data a third party now has access to and what they can do with it. You really have no way of knowing if third parties are collecting personal information on your visitors and whether it is in violation of compliance requirements or laws. Likely, you are in violation. The GDPR, for instance, even holds companies responsible for what they allow third parties to do with users.
It may be that the third party is trustworthy and properly handles privacy matters, but third parties often share information with other third parties in the course of their operations or business. There is no telling what these other entities might be doing with your data.
To achieve compliance or certify that your website is in compliance, things must change. You can either stop participating in digital advertising or receiving third-party content that uses third-party code or calls, or you can use Apomaya Unity Hub to convert all third-party involvement into first-party interactions. Transforming third party to first party gives you complete visibility and control over what is happening.
You can prevent user data from leaving your site and enforce its proper treatment.