Ari Levenfeld, Chief Privacy Officer at Sizmek answers some key questions on GDPR ahead of 25 May.
1. What's your main priority right now in the run up to 25 May?
Some have called the GDPR the most significant regulation in the history of advertising - digital or otherwise. Companies that ready themselves for the new law may find that they have a competitive advantage over those that have chosen not to prepare and hope for the best. But our industry will succeed collectively when we help one another and share knowledge. As Sizmek has already invested heavily in our plans to align ourselves with the GDPR's requirements, we plan to spend the remaining days working with clients and partners to share what we've learned and help lend a hand with their compliance regimes.
2. What's the biggest obstacle you're currently facing?
The GDPR is unprecedented in terms of laying down requirements for data protection in Europe. So, by definition, there are not many legal examples to draw upon by those attempting to build compliance programs for their companies. Regulators are in a similar position, as they decide how to enforce this new law and provide guidance to those that must comply. The unparalleled nature of the law creates an absence of legal certainly in some cases, that makes it hard to settle on specific steps that can be taken to eliminate risk.
3. What has been your biggest learning over the last two years when it comes to GDPR implementation?
The GDPR is not the first privacy law Europe has seen. In fact, the requirement to comply with the existing ePrivacy Directive is not going away on May 25th. Instead, important definitions, such as that of consent, point to what is in the GDPR instead. So, in addition to the GDPR, companies should also be prepared to comply with member states' implementations of the ePrivacy Directive on May 25th.
4. How has the GDPR changed your company culture around data protection?
Historically, the privacy function of many companies did not receive much attention. In fact, success in our area was often measured by lack of visibility which also typically meant an absence of regulatory scrutiny. The GDPR has certainly changed that, and provided privacy professionals with the spotlight. At our company, people in literally every department are on a first name basis with me as we prepare for the new law. At times the newfound attention is confounding, but it's balanced with a general awareness for the privacy forward decisions we've made. This ultimately makes my job easier!
5. From your POV, what does/will the GDPR mean for our industry?
Accountability and transparency are two of the core themes of the GDPR. The new law requires a tremendous amount of time, effort and attention for companies as they make themselves ready in advance of the impending enforcement deadline. For those that have put in the work, the GDPR represents a real opportunity for our industry to establish trust with the public, and a chance to educate Europeans on the important role our technology plays in the digital world they make use of.