Gigya launches programme to help clients prepare for GDPR

26 May 2017

The GDPR takes effect in May 2018 and applies to all organisations around the world that do business with EU citizens.

The GDPR takes effect in May 2018 and applies to all organisations around the world that do business with EU citizens.

Gigya has launched a programme to help clients prepare for the EU’s upcoming General Data Protection Regulation (GDPR).

The US-headquartered customer identity management specialist says its Privacy by Design programme will offer customised evaluation and implementation services.

GDPR takes effect on 25 May 2018. Gigya describes it is a "radical" revision of EU consumer data privacy and protection laws (also see News, p2, Jan 2016 issue).

Consumers must be given full control over their data under GDPR, with simple and easily accessible controls for changing, downloading or deleting stored information. 

Furthermore, brands must obtain consent for every specific use of customer data, using plain language that clearly explains the purpose, and must maintain a record of that consent.

Gigya points out that the regulation’s impact isn’t limited to Europe – all organisations around the world that do business with EU citizens must comply, even if they have no physical presence in the region. 

Those who fail to comply will face penalties of up to four per cent of annual revenue or €20 million (around £17 million), whichever is greater.

According to Gigya, the GDPR specifically encourages organisations to pursue a ‘privacy by design”’ approach. This  relates to the idea of building customer identity management and related systems from the ground up with a commitment to protecting the rights of consumers.

The firm claims its Privacy by Design programme helps clients understand their customer identity management infrastructure. This includes the processing and storing of user data generated from online registration, as well as profile, preference and consent management, across all their digital properties.

The programme will be delivered by GigyaWorks Global Services team who begin by asking clients to complete a technical self-assessment to determine which aspects of GDPR apply to them.

The team then works on site with the client’s marketing, technology and legal teams to define and customise best practices for addressing GDPR requirements utilising Gigya’s platform.

Based on the outcome of the self-assessment and on-site workshop, a ‘Privacy by Design Blueprint’ is produced as a guide for configuring the platform and implementing the recommended changes.

A quality assurance review is later conducted to verify the client’s chosen functionality has been implemented.