With GDPR in place, ITP regularly updating, and the California Consumer Privacy Act (CCPA) set to take effect in 2020, understanding privacy laws has become paramount for all companies. That need is compounded for major multi-brand organizations.
How much do you know about these laws? Let’s take a quick true/false pop quiz to find out.
True or false:
- I am responsible for the third-party tags installed on my website.
- If one of my third-party tags is used to piggyback another third-party, I’m also responsible for any data collected by that party.
- I am responsible for all data collected by all of my brands globally, even if I don’t know what third-parties are used.
- Not knowing all the third-parties collecting data (and what data they are collecting) on my site is not a defensible argument to regulators.
- From initial audit to full implementation, it takes 9 to 12 months to complete the process of governance and compliance when working with multi-brands.
Did you say “false” to any of the statements above? If so, we’re sorry to report that all five correct answers are, in fact, “True.”
This can be terrifying for global companies managing a portfolio of brands, and for good reason. The historical trend for multi-brand companies has been one of decentralization and regional delegation and while this has supported the desired speed to market, the current and upcoming regulations are about to make an example out of multi-brand organizations. Don’t let your company be the example played out in the press.
Time Has Come to Centralize All Third-Party Website Tags
I get it. Even as you read the sub-header above, you can feel the tsunami of resistance from your marketing and branding teams. “We need to move at lightening speed!” they will argue, and, “There’s no way we can handle any red tape when launching our digital marketing campaigns.”
What they feel is the pressure to deliver continued growth and navigate increasingly complex technology and fierce competition. Besides, there’s rarely any incentive (at least today) for increased adherence to privacy governance and compliance with changing legislation.
And yet, without a central body armed with the authority and charter to keep up with changing privacy regulations, it’s not a matter of if you will be fined and made an example of—it’s a matter of when.
Benefits of Centralizing All Third-Party Website Tags
In addition to being compliant with changing regulations (from GDPR to CCPA and who knows how many other laws currently being drafted), there are some core benefits to having all of your third-party website tags under one roof. Namely:
- Accurate and Consistent Data Collection: Global brands often ignore the data provided because they don’t feel they can trust it. If all data is collected the same way using the same process and tools, improved accuracy will lead to performance gains.
- Website Speed and Performance: By removing third-party tags that are no longer active, you are reducing the risk of potential latency issues. A centralized team will see patterns emerge such as lack of post-campaign clean-up.
- Centralization of Resources: Fragmentation of multi-brand and multi-country resources leave more room for error while also being more expensive.
- Local Markets Unlikely to Consider Impact of International Laws: We’re already seeing this with respect to GDPR compliance. With fragmented resources come silos of focus that tend to miss the bigger global picture.
- Ability to Execute Rapid Changes: While local markets may feel they can act quickly, dedicated centralized resources are more aware of pending legislation and empowered to make sweeping changes to ensure compliance.
- Avoiding Tool Duplication: When decentralized, there are often duplicate tools purchased for the same function in different markets and for different brands. Disparity of tools means some markets are using less effective tools and/or duplicating efforts from other markets.
- Saving Costs: There are significant cost savings when tools, processes, monitoring, and human resources are centralized.
- Education: In general, marketing departments don’t care about all of this until regulators make them care. By that time, it’s too late. Better to educate why this is important and why a central body is needed before breaches occur.
Getting Privacy and Data Protection Right for Multi-Brand Companies
While this process will take between 9 and 12 months, the following steps are easily understood. The most important step is the first one so that you can quickly and comprehensively see where you are versus where you need to be.
1. Conduct a Business and Technical Audit.
This falls under the category of “measure twice, cut once.” A comprehensive audit tells you where each brand and each region is relative to data privacy protection. This also allows you to see things for what they are not and empowers you to reinforce the next steps in the process.
2. Document Current Process, Data Collection Practices, and Changes Needed.
This documentation can also serve as part of the CCPA requirements to bring transparency to both data collection and usage for California residents. It will also serve as an education and alignment tool across your brands.
3. Align with Legal and/or Your Chief Privacy Officer and All Relevant Departments.
Having global alignment is critical to ensure corporate governance and establishing the structure, process, and monitoring that will ensure compliance and multi-brand support.
4. Identify and Build Your Team of People, Platforms, and Process.
Your 3 “P”s of privacy will ensure your success. Who are the people who will be responsible for implementation and maintenance? What platforms and tools are needed in order to stay compliant? And what processes need to be put in place (or modified) in order to monitor and ensure ongoing support?
It’s difficult enough to manage data collection across hundreds of sites in different countries with different brand managers. Effective management of hundreds of sites requires a centralized process with the right tools and a dedicated team.