PRIVACY INSIGHT SERIES

Winter / Spring 2018 Webinar Program

Marketing under the GDPR:

What You Can and Cannot Do
17 January 2018

© 2018 TrustArc Inc Proprietary and Confidential Information

Today’s Speakers

James Koons
Senior Consultant, TrustArc

Darren Abernethy
Senior Global Privacy Manager, TrustArc
(Moderator)

2 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

Today’s Agenda

• An Overview
• Data Statistics
• The GDPR’s Impact on Marketing
• Practical Tips for Marketers

3 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program

A Quick Overview

4 #trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information

Overview

Source: TrustArc/NCSA

5 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

Some Fast Facts on Data

• 2.7 zettabytes of data exist in the digital universe

today – one zettabyte is 931,322,574,615.48 GB
• IDC estimates that by 2020, business
transactions on the Internet - business-to-
business and business-to-consumer – will reach
450 billion per day
• Akamai analyzes 75 million events per day to
better target advertisements
• Data production will be 44 times greater in 2020
than it was in 2009

6 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

Overview

Source: Symantec

7 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program

The Impact of the GDPR on

Marketing

8 #trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information

The Impact of the GDPR on Marketing

9 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

The Impact of the GDPR on Marketing

10 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

The Impact of the GDPR on Marketing

11 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program

Practical Tips for Marketers

12 #trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information

Collecting & Using Business Cards

13 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

Sharing Delegate Lists

14 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

 Legitimate Interest and Recital 47

…The processing of personal data for

direct marketing purposes may be
regarded as carried out for a legitimate
interest.

15 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

Legitimate Interest and Recital 47
Article 6(1):

Processing shall be lawful only if and to the extent that at least

one of the following applies:

a) the data subject has given consent to the processing of his

or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to
which the data subject is party or in order to take steps at the
request of the data subject prior to entering into a contract;
c) processing is necessary for compliance with a legal
obligation to which the controller is subject;
d) processing is necessary in order to protect the vital interests of the
data subject or of another natural person;

(continued)

16 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

Legitimate Interest and Recital 47
Article 6(1) (continued):

Processing shall be lawful only if and to the extent that at least one
of the following applies:

e) processing is necessary for the performance of a task

carried out in the public interest or in the exercise of official
authority vested in the controller

f) processing is necessary for the purposes of the legitimate

interests pursued by the controller or by a third party, except
where such interests are overridden by the interests or
fundamental rights and freedoms of the data subject which
require protection of personal data, in particular where the
data subject is a child.

17 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

Legitimate Interest and Recital 47
Recital 70
Where personal data are processed for the
purposes of direct marketing, the data subject
should have the right to object to such processing,
including profiling to the extent that it is related to
such direct marketing, whether with regard to initial
or further processing, at any time and free of
charge. That right should be explicitly brought to the
attention of the data subject and presented clearly
and separately from any other information.

18 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

LinkedIn

19 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

Existing Contacts Database and Permission

20 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

Existing Contacts Database and Permission

21 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

Possible Action Items & Technology Solutions

• Mapping data flows — identifying and inventorying EU personal data

• Revising privacy notices to meet heightened transparency
requirements
• Reviewing webforms and consent language/means — for central
storage and audit trail purposes
• Cookie consent solutions to capture end user preferences
• DPIAs for new marketing initiatives that may involve high-risk
processing
• Automatable systems for managing individual rights requests across
the org (Arts. 15-23)
• Marketing vendors assessments and contract reviews for GDPR
compliance
• Certifications/compliance with 3rd party OBA practices and
implementing AdChoices

22 Privacy Insight Series - trustarc.com/insightseries #trustarcGDPRevents © 2018 TrustArc Inc

PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program

Questions?

23 #trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information

PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program

Contacts

James Koons jkoons@trustarc.com

Darren Abernethy dabernethy@trustarc.com

24 #trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information

TrustArc - A Leader in the EU Consent Market Since 2012

• TrustArc has been an innovator and • Cookie Consent Manager & Direct
leader in EU consent since 2012 Marketing Consent Manager part of

• EU Cookie Consent clients include large TrustArc Privacy Platform – designed to

and small companies across all help companies comply with over 40

geographies and industries Articles of the GDPR

• Large and experienced team of TrustArc

Technical Account Managers supports
client implementations

© 2018 TrustArc Inc Proprietary and Confidential Information

PRIVACY INSIGHT SERIES
Winter / Spring 2018 Webinar Program

Thank You!
Register now for the next webinar in our 2018 Winter / Spring
Webinar Series “Best Practices for Managing Individual Rights
Under the GDPR” and is due to take place on February 14, 2018.

See http://www.trustarc.com/insightseries for the 2018

Privacy Insight Series and past webinar recordings.

26 #trustarcGDPRevents © 2018 TrustArc Inc Proprietary and Confidential Information