Digital agency, comply now!
Author: ROMAN3D
In the 90s, the beginnings of the Internet, with the creation of the very first websites, gave rise to a completely new field of activity: web agencies (or digital agencies). But from that period to ours, there has been a long road and a lot of change.
Indeed, the first web agencies, which are and still remain companies specialized in various forms of communication and promotion on the Internet, are now facing new, much more constraining realities. Gone are the days when advertising was done almost by harassing visitors to a website. Nowadays, with GDPR, there’s no question of being careless when it comes to collecting personal information, for example, to target advertising.
But what are the risks for a digital agency that doesn’t comply with GDPR? What creative solutions are available to digital agencies to comply with GDPR? First, let’s see what GDPR actually is.
What is GDPR?

GDPR stands for General Data Protection Regulation. It is a regulation of the European Union and is the reference text for the protection of personal data.
It entered into force in May 2016, repealing all previous provisions, notably the Personal Data Protection Directive 95/46/EC adopted in 1995. The GDPR became applicable in May 2018, in the 27 countries belonging to the European Union.
Digital agencies and GDPR compliance?

Customers’ personal data is valuable and must be protected. While data can be collected through traditional channels such as paper forms or in-store customer loyalty programs, the most common method is online forms, either directly on websites or through tools such as ERP (Enterprise Resource Planning) or CRM (Customer Relationship Management) software.
Consent and opt-in
Under these conditions, digital agencies have several obligations towards clients. First, managing visitor consent. Indeed, the visitor must accept the storage and use of their data by the web agency. However, consent must be clear and unambiguous, without pre-checked boxes or convoluted wording. The use of data must also be fully consistent with the information provided. If a person has agreed, for example, to subscribe to the newsletter to receive your latest articles, they should not receive advertisements for your offers or year-end promotions instead.
In addition to this, there are obviously other obligations that digital agencies have towards clients or visitors. Among others, we have data access, which requires digital agencies to provide a means for clients and visitors to have easy access to their data. Portability is also part of digital agencies’ obligations. Furthermore, digital agencies are required to inform their clients in case of information leakage, following a cyber attack for example.
But these are only part of the obligations imposed on digital agencies by the GDPR in the context of respecting the privacy of their clients and users. Because if you do not respect these imperatives, you expose yourself to serious problems!
What risks does a digital agency face by not complying with GDPR?

The GDPR should not be taken lightly. Unlike the CNIL, the GDPR doesn’t do things by halves! By trying to be ‘too clever’ in any way, digital agencies expose themselves to a double penalty: first, the possibility of agency members ending up behind bars, and second, a fine that, believe us, will wipe the smile off your face for a long time.
Indeed, Article 84 of the GDPR allows Member States to introduce additional sanctions for GDPR violations, complementing those in the GDPR itself. This is mainly to punish infringements that are not subject to fines under Article 83 of the GDPR.
In France, these are found in the section ‘Violation of personal rights through files or computer processing’ (articles 226-16 to 226-24) of the penal code. For example, there is a criminal sanction for the misuse of personal data in the context of data processing (article 226-21 of the penal code).
Criminal sanctions can go up to 5 years imprisonment and 300,000 euros in fines (article 226-16 of the Penal Code), and much more in cases of more serious offenses (up to 20 million euros in fines).
What creative solutions are available to digital agencies to comply with GDPR?

To avoid all these ‘hassles’ with GDPR, several solutions exist, including a very creative one that has been around for a while in France: Axeptio. It is a French platform, the very first ‘consent-as-a-service’. More precisely, it handles consent management; this type of platform is also known by the acronym CMP. In short, Axeptio is specifically dedicated to the collection, recording and restitution/attestation of consents given by consumers in the field of personal data management.
It can also transmit consent to all partners who use the collected data and for whom the authorization request was submitted. Essentially, Axeptio manages the procedures for collecting authorizations, those related to data access, and those aimed at proving that users have truly given their consent.
To conclude
In summary, the evolution of the digital world and the creation of new rules have completely changed the landscape of data collection. Digital agencies now have greater responsibilities in managing the personal information of their clients and visitors. Above all, compliance is in their interest, as a breach of GDPR can cost them dearly. To comply with the new GDPR provisions, however, there are simple and quite creative solutions. Axeptio is one of them; it’s the first French platform specialized in managing customer consent.