T-Minus 79 days and counting. With the impending enforcement of the GDPR looming, brands and the technology vendors that power their businesses are scrambling to ensure compliance.
At mParticle, our job in the digital ecosystem is helping to orchestrate customer data flows, and we have seen firsthand that GDPR has already become a major point of friction. We are excited to announce the launch of OpenGDPR in collaboration with AppsFlyer, Braze (formerly Appboy), and Amplitude to help brands and their digital ecosystems quickly and efficiently address the GDPR requirements as it relates to data subjects rights.
Under the GDPR, every individual has the right to data access, portability, erasure, and more. And many businesses are not prepared to honor those rights mainly because of the way their customer data is structured. It’s kept in solitude across different systems, managed by separate teams, making it difficult to view, let alone erase all the data a company collects on each individual.
To complicate things even more, enterprises on average employ 91 cloud services* in marketing ALONE! And when you start to add in payment systems, customer support vendors and beyond, the number of places where GDPR can affect a business increases significantly. All of these services have access to customer data and will need to be able to receive and honor data subject requests.
OpenGDPR was developed to simplify the process of receiving and fulfilling these request for brands and technology vendors alike.
What is OpenGDPR
OpenGDPR provides a common framework for brands and vendors to programmatically communicate GDPR requests around data subject rights, including data access, portability, and, erasure. It eliminates the need to translate requests across provider-specific APIs with a public API that can be leveraged by both data controllers and processors.
This means after receiving and authenticating a request from a data subject, brands can automatically share the request with all of their authorized vendors that have adopted the OpenGDPR standard. This accelerates compliance and significantly improves a brands ability to honor requests within the required timeframe of 30 days.
In addition, OpenGDPR provides a standardized way for the ecosystem to prove request transmission and acceptance, as well as share the status of each request (ie. if it’s incomplete, in progress, or completed). In the case of an audit, brands leveraging this framework would easily be able to demonstrate compliance.
GDPR compliance is an ongoing process that involves a multitude of parties. It’s not just up to brands to comply, but the entire data ecosystem, specifically those classified as data processors, must also prepare their businesses for compliance. OpenGDPR was developed to encourage the extensive ecosystem of technology vendors to collaborate on GDPR compliance initiatives to make it simpler for everyone involved.
For more information check out www.opengdpr.org.
*Mary Meeker Internet Trend Report 2017