The main idea behind the regulation is transparency. If you operate with full disclosure of your business practices, you've gone a long way toward compliance.
While many SaaS providers, platforms and services focus on the tactical implications of the restrictions set forth in WP29's published guidelines, few have come to the table with the change in perspective that the regulators intend. That perspective is that a person (and their data) is to be respected as an extension of themselves. Treating a person with respect involves disclosure, consent and ultimately respect.
The first milestone toward compliance is disclosure. This means telling a person how you are using their data every step of the way, a practice known as "contextual disclosure". Rather than sitting in a consolidated legal document buried in the footer of your site, disclosure should be placed inline with the actions it covers: a phrase or tooltip next to a button, a popup with an acknowledgement button, or a banner. Tell a person what you are doing with the information.
The next step toward compliance is preferences. Allow a person to choose whether to opt in or out of a particular data action. Give them a page where they can review and modify their preferences.
The last step is governance. This means knowing where all of a person's data is, and being able to disclose, modify, transport or delete it upon request.
No single solution exists for GDPR compliance, because it is a prescription for a new business mindset. Investments in infrastructure can still be made toward addressing requirements, and none provide more capability than a customer data platform combined with a tag management system.
"Many marketing strategies rely upon data collection in a way that consumers are not aware of. Business is fearful that the regulations, followed to their intended ends, will significantly hamper marketing efforts. But this is not an end, it's a change."
These are the ways we support your compliance initiatives:
We introduce modern disclosure tactics to business and legal teams, informing them of the options available beyond a 'privacy policy' page. We coordinate implementation of contextual disclosures into user experiences.
We implement identity resolution and data repository services, such as a CDP, to collect and manage data for all site visitors and offline customers.
We work with developers and site managers to produce a consolidated user preferences page, governing both data transport and opt-out.