Raising Internal Awareness About GDPR is Main Challenge, Say Subscription Businesses
With the countdown to GDPR reaching its critical stages, more than a third of subscription businesses say that their biggest remaining challenge is raising internal awareness and knowledge about the legislation.
GDPR comes into force May 25, with major implications for subscription businesses that collect personal data from B2B or B2C customers located in the EU. MPP Global hosted two recent webinars, focusing on the roles of data processor and data controller, to help businesses understand their responsibilities under the new regulations.
Research conducted during these webinars uncovered that the main challenge identified by 34 percent of attendees ahead of GDPR was ensuring that their colleagues were aware of the changes in legislation and the potential implications of a breach.
“These findings show that there is still some work to be done around GDPR,” said MPP Global CEO and Co-Founder Paul Johnson. “GDPR comes with potentially catastrophic penalties for businesses found to be in breach of the legislation, so it’s certainly a cause for concern that many of our attendees felt that not enough had been done to educate staff about what their responsibilities will be.”
“MPP Global has been working hard to help businesses understand their responsibilities as data controllers under GDPR through our comprehensive content,” said Johnson. “However, this kind of information needs to be disseminated internally, as well, to ensure there aren’t any costly compliance issues.”
Other challenges flagged by businesses included re-opting in their customer base, data storage and security, and managing personal data requests. These types of issues are common across MPP Global’s client base, so changes have been made to its eSuite subscription software to make GDPR compliance much more straightforward.
“In MPP Global’s position of a Data Processor powering the subscription business models of the world’s leading publishing, media and retail companies, we have evolved our eSuite platform to meet the stringent requirements of the new GDPR legislation,” said Johnson. “eSuite has been PCI-DSS Level 1 compliant for many years, which gave a solid foundation for building out the environment for GDPR compliance.”