A new set of European rules and standards related to privacy and data protection (the General Data Protection Regulation, or GDPR) has set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers. The regulation is designed to harmonize privacy across the EU, codify more rigorous privacy rights, strike a balance between privacy and security, and create an explicit obligation for both data controllers and processors to demonstrate compliance with GDPR. The clock is ticking – the regulation goes into effect on May 25th, 2018, and the potential penalties for non-compliance are significant (organizations found to be in breach of GDPR may be fined up to 4% of annual revenues or 20 million euros, whichever is greater).
Social media and enterprise collaboration platforms like Workplace by Facebook and Microsoft Yammer create unique compliance challenges under GDPR. Although social media has experienced exponential growth, it is still very much in its early stages from a legal and regulatory perspective. This challenges organizations daily as they struggle to nail down their compliance with record-keeping regulations like the GDPR.
Here are 4 key challenges to consider in developing your compliance strategy:
1 -- Data Protection and Privacy
Organizations should evaluate how they collect social media data and address their intentions publicly prior to collecting such data. This can be done on corporate websites and social media in clear policy statements.
2 -- Employee Rights on Social Media
Policies to help guide the use of social media in the workplace are commonly in place, but the issue is that these policies must not conflict with other privacy laws. These policies must be revisited taking GDPR into consideration.
3 -- Governance and Oversight
Firms are increasingly allowing employees to use social media for business purposes, but GDPR regulators, as well as regulators such as FINRA and the SEC in the financial services industry, now demand that organizations develop strong internal procedures and controls to ensure they manage the associated risks effectively.
4 -- Information Archiving and Retention
Determining what content is considered “business” communication and when that content should be captured and archived is more complicated than it seems. Implementing a system that effectively captures social media history and saves it as an official, valid archive is a key step towards GDPR compliance as well as compliance with other regulations across industries.
John Mancini is the President of Content Results, LLC and the Past President of AIIM. He is a well-known author, speaker, and advisor on information management, digital transformation and intelligent automation. John is a frequent keynote speaker and author of more than 30 eBooks on a variety of topics. He can be found on Twitter, LinkedIn and Facebook as jmancini77.
Recent keynote topics include:
The Stairway to Digital Transformation
Navigating Disruptive Waters — 4 Things You Need to Know to Build Your Digital Transformation Strategy
Getting Ahead of the Digital Transformation Curve
Viewing Information Management Through a New Lens
Digital Disruption: 6 Strategies to Avoid Being “Blockbustered”
Keynote speaker and writer on AI, RPA, intelligent Information Management, Intelligent Automation and Digital Transformation.
Consensus-building with Boards to create strategic focus, action, and accountability.
Extensive public speaking and public relations work.
Conversant and experienced in major technology issues and trends.
Expert on inbound and content marketing, particularly in an association environment and on the Hubspot platform.
John is a Phi Beta Kappa graduate of the College of William and Mary, and holds an M.A. in Public Policy from the Woodrow Wilson School at Princeton University.