Are marketing technology vendors invested in compliance readiness for the General Data Protection Rule (GDPR)? Or have they taken the casual, toss-up-a-few-blog-posts kinda approach? Tim Walters, partner and privacy lead with New York City-based Digital Clarity Group and a GDPR analyst, told CMSWire the commitment from MarTech vendors is all over the map. Taking an informal survey on MarTech vendor websites, he was surprised to see a lack of GDPR insight given the GDPR will “fundamentally affect the way most companies do business around any kind of personal data.” Walters called the lack of information suspicious and problematic, adding lately he has seen some vendors “getting on the bandwagon.”
They surely have a lot of work to do, as we discussed in this week’s report on MarTech vendors and GDPR compliance.
Beyond GDPR Whitepapers?
Walters is not alone in his thinking. “Vendor responses to the ‘preparation for GDPR’ question range from detailed, dedicated GDPR website pages to the offer of generic ‘here’s how you prepare’ themed whitepapers,” said Lisa Loftis, principal consultant for CI Advisory Services for SAS Best Practices. “And frankly, given the compliance deadline of May 2018, I believe that any vendor who is not deep in the throes of formulating solutions for this has already missed the boat.”
Zachary Paruch, product manager and legal analyst at Termly, where he works to build legal policies for American companies and vendors, thinks most MarTech vendors are only vaguely aware of GDPR. “As it is EU legislation, those of us in the US are skeptical of its scope and efficacy, particularly here in the states,” he said. “MarTech vendors do not recognize the extent of the overhauls they need to make, and are waiting for the legislation to take effect in May to see what pans out.”
Anne P. Mitchell, attorney and CEO/President of SuretyMail, believes far too many are behind the curve, and very few are ahead of it.”In the industry groups to which we belong,” she told CMSWire, “we’re only just starting to see the panicked questions.”
MarTech Vendors on GDPR
Let’s crack the vendor code, shall we? We caught up with a few MarTech providers about their GDPR compliance plans.
Lewis Barr, general counsel and vice president of privacy at Janrain, told CMSWire that the Portland, Ore.-based company conducted a gap analysis to determine the work it would need to do in separate roles as a data controller and a data processor. “We are a data controller with respect to the personal data we collect from business prospects and other individuals, such as those submitting their data on our website to request a whitepaper or sign up for a webinar, and we are a data processor with respect to the personal data we receive from our customers’ online properties and store for our customers as part of our services,” he said.
Janrain had already implemented EU-U.S. Privacy Shield self-certification and third-party audits and security controls for compliance with ISO 27001:2013 and the SOC 2 Type 2 Availability, Security and Confidentiality Trust Principles.
On Tuesday, Janrain formally announced two cloud security certifications, including one specifically for PII handling, which is a central part of the GDPR legislation, company officials said.
Catch the full article here!