What’s Your Profiling Strategy for GDPR? “Are You Getting My Good Side?”
With the deadline for GDPR compliance under a year away, if you haven’t thought through how your company profiles users, and whether you have the right to do so, you could find yourself in big trouble.
Conversely, if you get this key part of GDPR compliance right, you are in great shape. I’ve written before that companies need to get their GDPR “Un-Readiness Assessments” done. If you are not well underway in this regard, stop reading now. If you are, I think this will help.
We’ve been talking a great deal to the members of our GDPR Partner Program. Three big next steps are consistently emerging as priorities:
- Profiling: Your company must know if it is profiling EU citizens and what kind of data is going into the building of these profiles. This covers data your company collects directly and data your partners collect on your behalf.
- Legal Basis: If I am profiling, what is my legal basis for processing the different types of data that go into the profile that I build and that partners build from my data? The answer will guide your company in determining where you have a legitimate interest to process the data without prior consent vs. where you need to obtain consent from the user in advance.
- Designating a Data Protection Officer: Do I need a DPO?
I’m only going to cover 1 & 2 in this post, as the need for a DPO is well-covered. You can read the full post here on the Evidon Blog. Please feel free to share your thoughts with me directly at scott at evidon dot com, on Twitter @scottmeyer, and on LinkedIn.