Five last minute things you must do today GDPR

A Quick Overview of the last minute things you can do, to comply with the GDPR in the first stage

You are too late and you know it. GDPR will hit us all tomorrow night and there is nothing we can do about it. As most of us are struggling to implement the full scope of GDPR, I know that you are having trouble prioritizing as well. The fact of the matter is, you have got one days work left to meet the most important requirements.

When you are short on time, you’ll need to prioritize. Here are the five pragmatic things that I would do today; worry about the rest tomorrow.

Note: This list is for everyone, if you run a b2b or b2c company, you should implement these five things before the deadline.

(01) Single opt-in newsletter subscribers

Collecting new Subscribers in a double Opt-In Process is nothing new, however, many people still have active contacts in their mailings that were once registered in a Single Opt-In Process.

Create a Segment of Subscribers that have been added manually or that signed up in a single opt-in process. Inform them about the changes before the 25th; you are not allowed to send them emails after the deadline without their consent. Therefore it is incredibly important that you get that double opt-in before the deadline

(02) List all tools where data could be saved

You need to know and show your customers/clients/employees where data is saved. Once you have that list, google that company + gdpr or in German (DSGVO). You will find a form (or better to say a contract) that you will need to sign or get signed by your companies managing director.

A copy of that signed document needs to be sent back to the Tool and they will countersign the document and send it back.

Remember its not only about your customer’s data but also about the date from your client and employees. Here are some examples

  • Storing employee records on a third-party software
  • CRM Tool to keep your Sales Funnel up to date
  • Using Google Drive to store customer data

(03) Create a quick processing directory

As previously explained, the GDPR concentrates on personal data. Your employee and clients data are also protected by the regulations. In order to fully understand how your firm processes the data and who has access to that data, you need to create a processing directory.

Note: This directory should be thoroughly created and designed. Due to the little time you have, I will quickly explain how you can create a quick and dirty version.

Create an excel file and list all your departments in the first column. Afterwards fill every row with the following information about that department.

  1. Description of the categories of affected persons (Name, Adress, IP Adress, Biometric Data etc.)
  2. Recipients whom the personal data have been disclosed or yet to be disclosed (HR, Marketing, Sales etc.)
  3. Is the data being transferred to countries outside of the EU (yes/no)
  4. When will the Data be deleted (E.g. After the End of the contract)
  5. Scheduled deadlines for the deleting the various categories of data
  6. What security measure is in place  to secure named data (E.g. encoding, external VPN, alarm system, regularly change passwords, key management etc.)
  7. Why are you allowed to save that data (legal basis)
  8. Do any service provider store the data (third-party tools)

(04) Your Website

Every firm has a website and your website is the first address people will start checking if you are operating within the means of the GDPR.

1. Check if you comply with the Google Analytics (GA) regulation.

  • Check if you are IP Tracking is set to anonymized
  • If you haven’t been tracking anonymized IP Addresses, make sure to delete the Historical Data.
  • Update the privacy policy in GA
  • Make sure that visitors can opt-out of being tracked from GA

2. Set your privacy policy page to “no-follow” and afterward check the content.

3. Check if you are embedding YouTube with the privacy option

4. Check if your social sharing buttons are integrated with the Shariff-Solution or 2Click-Solution

(05) Write down what you have done so far

Solid documentation is half of GDPR. Make sure that you write down exactly what you have done to meet all requirements and save that in one central folder. It’s important to show that you are proactive about complying the regulations. As stated in a previous post, only a handful of firms will be complying with 100%. To ensure that you will be compliant within the next few months, document every step of the way.

If you have any further questions about our quick-fix solutions, feel free to contact us. You are welcome to use the comment section to share other quick wins and solutions that can be implemented at the last minute.

My View on the General Data Protection Regulations

Only a few Days left until the General Data Protection Regulations kick in

In a few days, everyone will feel like they have graduated from college again. The time to implement the General Data Protection Regulations (GDPR) or also know as “Datenschutzgrundverordnung (DSGVO) will end at 11:59pm. Many firms are waiting until next week to start with the first implementation, some have been working on it for months and some people will finish just on time. I guess, nothing has changed since college.

If you run an a data-heavy business or are part of a larger corporation, you are most likely part of a group of people that don’t have to worry too much anymore. You have been notified by your lawyers 2 years ago that there are some changes coming. However most of the people are not prepared and if you are prepared, you are still worried if you comply with all the regulations that have been set.

At this point, it is important to inform you, that most likely only a handful of firms will be complying with the GDPR to 100%.

Who is affected by the GDPR / DSGVO?

Everyone who is interacting with personal data of European citizens has to comply with the regulations. Many people are confused by the term “personal data” and believe that the term focuses on consumer or customer data, this is not true. The information about your employees, service partners, and logistic partners are also personal data. Meaning, if you are currently a one-man-show startup or a 200 employee strong business, you have to comply with the GDPR in one way or another (B2B or B2C in the EU).

The easiest way to put it, if you are hosting a website for your business and you have traffic coming in from EU Citizens, you are part of the GDPR.

Help! What can I do?

First of all, breath and remember that you are not alone. When you wake up on the 26th of May, you won’t get a phone call from your lawyer letting you know there is a 2.000.00 € lawsuit coming your way.

At this point in time, you will most likely not be able to implement every change if you haven’t started yet. However, you are able to set the foundation for your further efforts.There is enough information online for everyone to read for the next few years. Inform yourself about the fundamental changes and what you can do to take the first steps.

The 2 biggest task for firms:

  • Make a list of every department, what data they work with, how they work with the data, who has access to that data and what measures have been taking to secure that data.
  • Make a list of service providers you work with, that stores personal data of you, your consumer, your employees or anything else and ask them what you need to do.

The key aspect is to show effort this late in the process. If your firm is not yet complying with all regulation, take the needed measures to build the needed foundations and build from that.

This is just crazy!

The changes of the GDPR / DSGVO are designed to Facebook and Google, and this can be frustrating for a lot of firms. However, if we are being honest with ourselves, the basic principles and the idea is way overdue and the effects of that have been visible in the news for the last months.

Still, I believe that many principles of the regulations cannot be implemented in every market. Two key design flaws of the regulations are, not to differentiate between a B2B and B2C Markets and declaring every personal data aspect to a white house security level.

Say for example you are visiting the biggest fair for your market and you ordered 200 brand new business cards to hand out in the next few days. At the end of the 2 days, you have handed out most of your business cards and are holding almost 200 new ones. Back in the office, you will upload all the new contacts into your sales software, to follow up on any conversations you have. However, before you are able to follow up you will need to send the business card owner a formal Email notifying her or him, that their contact information is now stored in your systems and that if he wants to opt-out he can do this by contacting you. After you have written this email you will have received 200 emails notifying you as well, that your contact information is now stored in their systems.

Whoever doesn’t know that their contact information is stored somewhere after handing it out, should not hand out business cards at all. You shouldn’t need to notify them about saving the contact information.

Therefore I believe that the current regulations will not stand as they are today, change will come in the near future. Despite that, firms will need to take action and we will all learn more about data privacy in the past 10 years.

I want to know more about the GDPR / DSGVO and I have some questions.

We have worked closely with our clients to prepare them for the regulation changes. During that process, we have gained interesting and powerful insights.

If you are looking for a young and energetic group of entrepreneurs to help you out. We would love to get in contact with you help you.

We are not lawyers but we can share some of our insights and take a look at your current organizational situation – from a purely pragmatic point of view. A fundamental view of your structure and a list of your highest pain points is the first step into a GDPR / DSGVO friendly life.

No one will be done on the 25th of May, even if you believe you are the GDPR doesn’t stop after that Date. It’s at that point in time, where the GDPR will take a real effect on your business. You need to be able to understand the regulations and the implications for new processes within your company.

P.S.

A sign that none of the regulators really ever developed a digital product is, setting the go live for a Friday evening. Just so that the problems can come flying in, first thing on Saturday when no one is working. If you have ever launched a digital product on a Friday, you will know what I am talking about.

GDPR countdown are you prepared

The 25th of may 2018 is closing in quickly on all of us. Yes, there is no point in denying that this might be the single biggest day of the year for all Europeans and those of us who work together with European companies or customers.

The new European data protection laws will go into effect as of the end of may. Okay, there is really not point in acting surprised about that. It has been known to each and every one of us for good over two years now. But the thing is, most of us have tried to simply forget about it for two years.

And with good reason.

A wave of change is about to hit us

The GDPR is probably the largest change in data protection that we see in the next few decades. It covers all European citizens, their data rights and tells us how we “should” work with data. It sets new security standards across the board in every single industry and forces us to look at who has access to what and how we work with our own and consumer data.

And in all fairness, we could say that there is nothing wrong with that right? We have collectively looked the other way when it comes to data protection for a long time and this is the first real wake up call for all of us.

In light of recent events surrounding Facebook, it seems as though we sort of had this coming. And although the larger US-tech companies are hesitant to cave in to the GDPR, there are obvious monetary incentives (fines) that could force a considerable wave within even the most hesitant of industries.

Less than 10 days left

Together with our clients and partners we are counting down the days on when the GDPR will hit us.

But we don’t really know what the full impact of this legislation will truly be. Some countries, such as Austria, have started to loosen the regulations regarding GDPR for some professions and industries already. It is not very unlikely that other countries will follow suit when they notice that parts of the regulations are very difficult if not impossible to implement and uphold.

Not only companies and consumers will be hit by this regulation, but govermental organizations as well. And as far as the rumors go, very few govermental organizations will be done with the full implementation of the GDPR regulations by May 25th of this year.

Not sure if your company is meeting “all” requirements?

No problem, most companies don’t know where they stand when it comes to GDPR (DSGVO as it is called in the German speaking language area).

If you would like we can surely share some of our insights and have a look at your current organizational setup – from a purely pragmatic point of view. We are not lawyers, but we can at least tell you which pain-points might be coming your way and explain why it is important to address them as soon as possible.

Time is ticking… And even if the bomb doesn’t go off on May 25th (just yet) we can count on it going off in the months to follow.

Continuous stakeholder buy-in crucial to your venture success

When to work on what?

Operational excellence can be achieved when things are done right and efficiently. However, we believe that it is just as important to manage expectations well and work on the things that create value in line with stakeholder expectations continuously.  

Understanding when it is critical to a project to work on something aspect of its development and managing expectations is crucial to the longterm success of your venture.  „Continuous stakeholder buy-in crucial to your venture success“ weiterlesen

Flexible Insurance Products Can Enable Insurer To Build A Stronger Customer Relationship

Are Insurtech product innovations something that traditional insurances should let startups take care of? What are some of the opportunities and challenges that insurance companies face with regards to Insurtech innovation? In this article I will elaborate on how startups use flexible insurance products to get a foot in the door in the world of insurance. Next that that, I will highlight some of the missed opportunities that corporate insurer should start to address, right now. „Flexible Insurance Products Can Enable Insurer To Build A Stronger Customer Relationship“ weiterlesen

How do you know you are in control of your data?

Want to find out whether you are really in control of your own data? In this short YouTube-Video we dive into the topic of data ownership.

As a decisionmaker, Data Quality is probably the one topic that is holding you back most on a day to day basis. If you want to be able to judge whether data is truly clean, you need to know where it came from. In our opinion you need to understand how data is collected to determine the quality of your data.

Therefore the first simple question we generally ask when we get started on a project is: Who do we need to go to for the insights that we need to be able to help you?  In this short video we dive into the answers we get and some straightforward implications of poor data ownership.

„How do you know you are in control of your data?“ weiterlesen

How to: Cohort Analysis in Tableau

 

Cohort Analysis are used to study the behaviour within your customer group and gives you the ability to understand your customer preferences, causes and even actions on changes to your product or strategy.

We love Tableau!

Are you running an ecommerce business, offering services through digital channels where you interact regularly with your clients? You definitely need to have a look at your cohorts!

It shows you exactly which marketing activities led to wich amount of commercial success and breaks down your clients buying activities into a meaningful fraction and shows you exactly the amount of days/ weeks your client took to repurchase or reorder.

 

An example of Churn Rates with newly acquired customers within a period:

„How to: Cohort Analysis in Tableau“ weiterlesen

Questions data will answer you

Your Business, regardless of the size and focus (B2C eCommerce vs. B2B Corporate) will definitely benefit from a thought out data strategy. In today’s technology driven business world quantitive and qualitative information is key to success and enables the decision process thorough repetitive and reliable input.

Here is an example of questions data can answer you:

Sales/ Marketing/ Analytics

– Which sales channels are best for our customer groups?
– How successful was a marketing campaign?
– Which customer segment shall I focus on?
– What are the purchasing activities of our cohorts?
– How successful was the sell-out of certain brands/ products?
– What is my competitor doing in terms of marketing activities?
– …

Product Management

– In which products shall we invest?
– What is the optimal pricing for our product?
– Which impact does conversion improvement bring to my business?
– What is the customer journey and how can I improve it?
– …

Sourcing

– Which products shall we source for the upcoming season?
– Which sizes are the best selling one?
– … „Questions data will answer you“ weiterlesen

3 ways your company can benefit from a digital back office

One of the services that we offer is that we work as the digital back office for SMBs. We use our expertise to fill the gaps wherever it is needed. There are a number of ways that you can use our expertise and with this post we would like to share three ways that your company can benefit from our digital back office service.

Process and workflow digitalization

Many aspects of a business can be streamlined and set up more efficiently. The digitalization of workflows is an area of business in which midsize companies and corporate can create tremendous efficiency gains.

We see that many midsize companies still have a lot of paperwork that is done manually. The digitalization of workflows and processes can lower employee distress and workload. Whereas time and efficiency gains help teams focus on that what they do best.

This part of our business involves both strategic help as well as digital project management. It could be that: you are introducing a new inventory management system within the company. And would like to streamline the in and outbound handling processes, but you do not have resources left on your team to manage the process. This is exactly where our digital project management back office service comes in. „3 ways your company can benefit from a digital back office“ weiterlesen

How setting targets can help optimize your omnichannel resources effectively

Resource allocation and optimization is a topic that many retailers do not look at often enough. Budget allocation decisions are generally taken once or twice a year. This is usually done when it is time to purchasing the goods for the next season.

In our opinion, one of the core capabilities of an omnichannel organization is being able to perform analytical optimization. Analytical optimization might sound very technical, but by that we mean that you should look at each part of your business through the eyes of a business intelligence expert. Of course not every organization has these resources and capabilities in-house. However, if you go about these processes pragmatically, there is a lot to be gained.

We believe that it is important to plan more regularly and in shorter cycles.

For retail businesses this means using the off-season dips to plan and optimize your business. The summer months are great for that. Especially in fashion retail, businesses focus too much on top level revenue and inventory levels. The Winter months are the ones in which the money is made. Therefore you need to plan ahead, build up cash reserves and give yourself time to breath in the summer months. „How setting targets can help optimize your omnichannel resources effectively“ weiterlesen