On May 23, executives from across the Denver area gathered to discuss the GDPR and data privacy in the US with technology experts from Inversoft, SendGrid, and SpotX. This was a unique event bringing together speakers from three disciplines that are impacted by the GDPR in different ways: Identity Management, Email Marketing, and Video Ad Technology. With over 100 people registered, the presentation was pushing the capacity limit of Level Offices Downtown Denver events room, but thankfully everything worked out.
The Basics of the GDPR and Data Privacy
The presentation started with Brian Pontarelli, CEO of Inversoft going through the basic principles of the GDPR and explaining that even though it is a European regulation, it will have almost as much of an impact on US companies. Then SendGrid’s Principle Data Scientist Aaron Beach stepped in to clarify how the GDPR expands the definition of personal data beyond what we typically have considered personally identifiable information (PII). Eric Shiffman, Product Marketing Manager from SpotX then explained the concepts of data collection consent, and how companies can establish a lawful basis for processing customer data. Finally, they explained that the main point of the GDPR is to ensure that every organization incorporate data protection by design and default into all their data collection and processing workflows.
How the GDPR and Data Privacy Impacts Each Industry
A unique aspect of the presentation was how it provided a perspective of data as it travels from an initial customer registration and login, through an external data processor, and then finally into the general application and use of that data to deliver ads on a customer as they view sites across the internet. Brian started the beginning of the journey, explaining how identity management systems need to be able to collect, organize, and manipulate personal data for customers. Aaron then explained how third parties control and maintain data privacy through email and other processing challenges. Eric then closed out the process by showing the complex data sharing that happens in the milliseconds before a page loads in their browser.
Questions about the GDPR and Data Privacy
To close out the presentation, the speakers took questions from the audience and there were a lot to be sure. Many pointed out that one of the challenges of compliance with the regulation is how it seems to outline general principles to protect data privacy without defining specific requirements to fulfill, and this is absolutely true. While it does leave a degree of gray area as far as compliance, the authors of the GDPR understood that every company uses data differently, and data practices will continue to evolve. They tried to provide principles around data protection, and leave room for organizations to apply those principles to their unique business model as they see fit. Will this approach allow for easier compliance, or will it lead to a litany of litigation? Time will tell.
Download the Resources
If you are interested in how your US-based company will be impacted by the GDPR, you can watch the video, download the slides and get additional resources here. It covers GDPR data concepts as they relate to identity management, email marketing, and video ad technology and more.
Learn More About Passport
Passport is designed to be the most flexible and secure Customer Identity and Access Management solution providing companies with the tools they need to be GDPR compliant. More than a login tool, we provide registration, data search, user segmentation and advanced user management across applications. Find out more about Passport and sign up for a free trial today.