It feels like almost an hour doesn’t go by without another GDPR opt-in email reaching our inboxes. Particularly this week in the lead up to GDPR coming into force. Today, it’s finally here and brands will be waking up to new responsibilities, and the profound implications this piece of legislation will have on their future business.
SDL welcomes the introduction of GDPR. It presents a real opportunity for brands to build trust with customers and prospects, demonstrate commitment and put them at the forefront of their data strategy.
Our approach to GDPR is simple. As an enabler of digital experiences and an advocate of creating great customer journeys through contextual content, SDL has embedded data privacy into the core of what we do. The standards we have achieved means that our software is today used by some of the most privacy-conscious organizations in the world – including intelligence agencies, banks and government organizations – and plays an integral part of their own processes to protect data privacy.
Designing privacy at the core
As custodians of our customers’ data, here is how we’re approaching GDPR compliance across the content supply chain.
The legislation applies to ‘data controllers’ and ‘data processors’ of personal data, which is used by brands to market and sell to. A data controller, according to the ICO “determines the purposes and means of processing personal data,” whereas a processor is “responsible for processing personal data on behalf of a controller.”
GDPR legally obliges data controllers and processors to implement “data privacy by design and by default,” which means making management of personal data privacy a fundamental consideration throughout the data processing lifecycle in all projects — from capture to destruction.
According to the GDPR legislation, if you are using a piece of software to process data then that organization is considered the data controller, and responsible for any personal data being processes, whether that be on premise or in the cloud. The provider of any Software as a Service (SaaS) offering is the data processor in respect to the storage, processing and transmission of the personal data.
This model applies to SDL’s own digital experience and translation software, so to ensure ‘privacy by design’ when developing our technology we have designed anonymity into the processes and systems that capture data, while also adhering to the principles of secure software development. We also make sure our deployment takes place in secure environments to achieve appropriate privacy.
Security by Design
Security can’t be an afterthought in the development process and our software is designed to help customers manage privacy across the entire content supply chain, automating manual processes where we can, minimizing the data held on users, giving control over what is held and providing a robust chain of data custody. Additionally, a reliable way to apply privacy by design is to pseudonymize data and then delete that record once the pseudonymization is reversed.
Just remember the data controller is responsible for all the data within any content, as well as their GDPR compliance. This is beyond the means of any software or data processors to govern, but at SDL we can help you become GDPR compliant across your content supply chain – from creation, translation and delivery – by giving guidance on how to utilize functionality in our software in responsible, secure ways that will help you comply with GDPR.
To make life easier we also have four key points to consider:
- Prepare content and personal data before processing to eliminate any privacy risks.
- Engage all stakeholders and ensure everyone understands the implications of GDPR.
- Determine how to govern and process data and content to be GDPR compliant.
- Keep life simple – pseudonymize personal data if necessary to ensure privacy and comply with GDPR.
While GDPR can be a difficult field to navigate, it’s ushering in a new chapter for the digital world. Consumers today are bombarded with headlines of brands failing to treat their personal information – and ultimately privacy – with the respect it deserves. The future will be based on trust. GDPR gives brands a platform to win that trust if they’re able to put customers, and their privacy, at the very centre of everything they do.