
Making Your Funnel Work

Legal

© https://e-commercemanagers.com

DISCLAIMER
This presentation is not legal advice. This information is for entertainment purposes
only.

It is composed to the best of our knowledge and ability.

But always contact a lawyer or a legal consultant for conclusive advice for your
specific situation.

LEGAL
▪ GDPR
▪ CCPA
▪ Copyright
▪ Return policies

GDPR (=General Data Protection Regulation)
Goals
1. Harmonize all privacy laws within the EU
2. Protect people in the EU from harm caused by misuse of their data (e.g. identity theft or unwanted ads)
3. Make EU infrastructure more robust in the wake of the digitalization of society

General
▪ For all data subjects in the EU (residents, not only citizens)
▪ Effective globally (if you sell to people in the EU you automatically …..)
▪ For all personal data (B2C and B2B)
▪ Effective May 25th 2018
▪ Max. fine of €20 million or 4% of annual global turnover – whichever is greater – for infringements
▪ Other corrective powers of the supervisory authorities:
  ▪ Issuing warnings and reprimands;
  ▪ Imposing a temporary or permanent ban on data processing;
  ▪ Ordering the rectification, restriction or erasure of data; and
  ▪ Suspending data transfers to third countries.

GDPR - What is personal data? Or PII
Definition
GDPR uses the term "personal data"; the US term PII (personally identifiable information) is close
enough for this deck. Personal data is any data that could potentially (e.g. by combining data or
metadata) identify a specific individual. Any information that can be used to distinguish one
person from another, or to de-anonymize previously anonymous data, counts.

Distinction
Non-sensitive PII can be easily gathered from public records, phone books, corporate directories
and websites. This might include information such as zip code, gender and date of birth --
information that, by itself, could not be used to discern an individual's identity. It is still
personal data under GDPR as soon as it is linked to a person.

Sensitive PII is information whose disclosure could result in harm to the individual when a data
breach occurs. Under GDPR, racial or ethnic origin, religion, political opinions, health, sexual
orientation, and biometric and genetic data are "special categories" (Art. 9) that may only be
processed under narrow conditions, no matter how easy they are to obtain. This type of data often
has legal, contractual or ethical requirements for restricted disclosure, and should be encrypted
in transit and at rest (GDPR Art. 32 names encryption as an appropriate security measure).

GDPR – Examples of PII
Examples
▪ e-mail address
▪ device IDs (e.g. MAC address)
▪ cookie IDs
▪ IP addresses
▪ biometric information (fingerprint / iris scan)
▪ personally identifiable financial information (PIFI)
▪ unique identifiers, such as passport or Social Security numbers
▪ employee personnel records
▪ tax information, including Social Security numbers and Employer Identification Numbers
(EINs)
▪ password information
▪ credit card numbers
▪ bank accounts and records

GDPR Principles
1. Lawfulness, fairness and transparency – implied consent is a big no; consent must be freely given, specific, informed and unambiguous
2. Purpose limitation – collect data for a stated purpose only; no scooping up data just because you can
3. Data minimisation – do we need all this data?
4. Accuracy – make sure it is accurate and up-to-date
5. Storage limitation – don't keep personal data longer than you need it
6. Integrity and confidentiality – use encryption, 2FA and tamper-evident logging
7. Accountability – keep a paper trail to demonstrate compliance

Controllers, processors and subprocessors (+sub sub)
▪ Controllers - the party that determines
for what purposes and how personal data
is processed
▪ Processors - the party that processes
personal data on behalf of controller
▪ Subprocessors – parties that the
Processor uses / hires to perform its
duties towards the Controller

Controllers, processors and subprocessors (+sub sub)
Is your business a…
B2C?
▪ 99% chance you are a Controller (unless you have a blog without Google Analytics installed
or a retail store that only takes cash)
▪ 99% chance you use tools (SaaS CRM, MS Excel, Google Sheets) so you MUST have at least one DPA
(Data Processing Agreement) with each Processor

B2B?
▪ Controller for all personal data (e.g. the DMU of prospects/clients) in your own CRM
▪ Processor for all the PII of your clients' customers
▪ Subprocessor if you offer a tool/service/product to a Processor (either in B2B or B2C)

NOTE: GDPR only applies to personal data – so if you offer a service to check the uptime of a website, GDPR does
not apply to the service itself (unless you collect any PII while checking uptime, e.g. visitor IP addresses in logs)
BE AWARE: every JavaScript tag, pixel or tracker you embed in your website/app runs in your visitors' browsers and
can collect whatever its vendor wants; you cannot see that data leave. Read the vendor's documentation and DPA,
fire tags only after consent (e.g. through your tag manager), and review the list of tags regularly

Data Processing Agreement (I)
What should be in your DPA? (GDPR Art. 28(3) sets the minimum content)
▪ object of the Agreement
▪ scope, nature, and duration of data processing
▪ subjects of data processing
▪ types of data you want to process
▪ data storage
▪ term of the contract and conditions of contract termination

Data Processing Agreement (II)
Controller
▪ is the entity responsible for establishing a lawful data process
▪ is also responsible for issuing instructions about data processing
▪ however, if the data processor believes that the instructions issued by the data controller violate the
provisions of GDPR, they have to immediately inform the data controller about their concerns.

Processor
▪ must have adequate information security in place
▪ must not engage sub-processors without the prior consent of the controller
▪ must cooperate with the authorities in the event of an enquiry
▪ must report data breaches to the controller as soon as they become aware of them, without undue
delay
▪ must give the data controller the opportunity to carry out audits examining their GDPR compliance
▪ must keep records of all processing activities
▪ must help the controller to comply with data subjects' rights (including the processing of data
subject requests)

Liability
Individuals whose data you hold may send queries or complaints to either the data controller or the
data processor. Data processors are liable when they work outside of instructions provided to them by
the controller or when they violate the terms of the GDPR

Processors can be liable due to claims of:
▪ Individuals
▪ Controllers
▪ Authorities

Processor will not be liable if it can prove it is not responsible for the event giving rise to the damage.

If a Processor is required to pay compensation, but is not wholly responsible for the damage, it may be
able to claim back from the Controller, the share of the compensation for which they are responsible.

DPIA (Data Protection Impact Assessment)
A DPIA is required whenever processing is likely to result in a high risk to the rights and freedoms of
individuals. A DPIA is required at least in the following cases:

▪ a systematic and extensive evaluation of the personal aspects of an individual, including profiling
▪ processing of sensitive data on a large scale
▪ systematic monitoring of public areas on a large scale

DPIA required
A bank screening its customers against a credit reference database; a hospital about to implement a
new health information database with patients’ health data; a bus operator about to implement on-
board cameras to monitor drivers’ and passengers’ behaviour.

DPIA not required
A community doctor processing personal data of their patients. In that case, there is no need for a DPIA
since the processing by a community doctor isn't done on a large scale where the number of patients
is limited.

IMPACT ON DIGITAL MARKETING
Almost everywhere. For example:
▪ Google Analytics
▪ CRM
▪ E-mail platform
▪ Facebook Custom Audience pixel
▪ A/B testing
▪ Retargeting advertising
▪ Dynamic pricing on webpage
▪ Outsourcing services to agencies (not design, copywriting or SEO, which need no personal data)
▪ WordPress plugins

EXAMPLES OF DATA BREACHES
Data breaches MUST be reported to the relevant supervisory authority within 72 hours of becoming aware of
them, unless the breach is unlikely to result in a risk to individuals (GDPR Art. 33); a breach likely to
result in a high risk must also be communicated to the affected individuals (Art. 34). Document every
breach, reported or not. Examples:
▪ loss or theft of hard copy notes, USB drives, computers or mobile devices
▪ an unauthorised person gaining access to your laptop, email account or computer network
▪ sending an email with personal data to the wrong person
▪ a real hack

CHECKLIST GDPR FOR DIGITAL MARKETING
Checklist
▪ Lock your computer/screen when going to a meeting/toilet
▪ Use a different password for every account (a password manager makes this practical) and turn on 2FA;
change a password when you suspect it is compromised rather than on a fixed schedule
▪ Send files/spreadsheets by email encrypted with 7-Zip or an alternative (pick AES-256, not the legacy
ZipCrypto setting, and send the password via a separate channel, e.g. by phone)
▪ Make sure that every entry point of PII has a consent stamp (time + date + channel) on it (digital forms,
cookie consent, affiliate forms, printed coupons/returns)
▪ (except subscriptions/newsletters) you can use their data only as long as your product / service needs it (e.g.
an order confirmation is necessary, a newsletter is not)
▪ Make sure all your DPAs are in order / administered
▪ Make sure the disk that stores PII is encrypted (full-disk encryption such as BitLocker or FileVault) in case
of theft / hacking
▪ Always keep your software up-to-date and keep a paper trail of it
▪ Clean your data (don't store old customer data without consent to contact them again – e.g. newsletter)
▪ Think about the customer journey: a lead generation form without consent to keep them updated for the
coming months/years is worth less – you can only send them the info they request
▪ Be careful and diligent with scraped data (e-mail addresses or other PII for cold calling or emailing)

→ https://s3-eu-west-1.amazonaws.com/cdn.webfactore.co.uk/sr_762762.pdf
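The checklist asks for a consent stamp (time + date + channel) on every entry point of PII, and principle 6 asks for tamper-evident logging. The Python below, an added example that is not from the original deck, puts the two together: a small append-only consent ledger where each entry carries the stamp and a SHA-256 hash that commits to the previous entry, so editing an old record (e.g. turning a withdrawal back into a grant) breaks the chain. Record fields, the purpose names and the channel names are illustrative assumptions, and the sample events are constructed.

```python
"""Consent ledger with a hash-chained, tamper-evident log.

Added example, not from the original deck. Record layout, purpose names and
channel names are assumptions made for the illustration.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous hash" of the very first entry


def _digest(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous entry's hash and the canonical JSON of this record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class ConsentLog:
    """Append-only list of consent events; every entry commits to its predecessor."""

    def __init__(self):
        self.entries = []

    def append(self, subject_id, purpose, channel, granted, at=None):
        """Store one consent stamp: who, for what purpose, via which channel, when, and the decision."""
        record = {
            "subject": subject_id,
            "purpose": purpose,          # e.g. "newsletter", "analytics"
            "channel": channel,          # e.g. "web-form", "cookie-banner", "printed-coupon"
            "granted": bool(granted),    # False records a withdrawal
            "at": (at or datetime.now(timezone.utc)).isoformat(timespec="seconds"),
        }
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({**record, "prev": prev, "hash": _digest(prev, record)})
        return self.entries[-1]

    def verify(self) -> bool:
        """True if every entry's hash and back-link are intact, i.e. nothing was edited in place."""
        prev = GENESIS
        for entry in self.entries:
            record = {k: v for k, v in entry.items() if k not in ("prev", "hash")}
            if entry["prev"] != prev or entry["hash"] != _digest(prev, record):
                return False
            prev = entry["hash"]
        return True

    def current(self, subject_id, purpose):
        """Latest decision for a subject and purpose; None means no record, so no consent."""
        state = None
        for entry in self.entries:
            if entry["subject"] == subject_id and entry["purpose"] == purpose:
                state = entry["granted"]
        return state


def demo():
    """Constructed sample: a lead form, a cookie banner, a coupon, a withdrawal, then a tamper attempt."""
    log = ConsentLog()
    t0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    log.append("cust-1001", "newsletter", "web-form", True, at=t0)
    log.append("cust-1001", "analytics", "cookie-banner", True, at=t0)
    log.append("cust-1002", "newsletter", "printed-coupon", True, at=t0)
    log.append("cust-1001", "newsletter", "unsubscribe-link", False, at=t0)
    intact_before = log.verify()                              # True
    may_mail_1001 = log.current("cust-1001", "newsletter")    # False: withdrawn
    may_mail_1002 = log.current("cust-1002", "newsletter")    # True
    may_mail_1003 = log.current("cust-1003", "newsletter")    # None: never asked, so no
    # Someone edits the withdrawal in place to turn it back into a grant ...
    log.entries[3]["granted"] = True
    intact_after = log.verify()                               # False: hash no longer matches
    return intact_before, may_mail_1001, may_mail_1002, may_mail_1003, intact_after


if __name__ == "__main__":
    print(demo())
```

The chain only proves that entries were not edited in place. Someone who can rewrite the whole file can recompute every hash, and simply dropping the last entries leaves a valid chain, so periodically copy the latest hash somewhere the marketing systems cannot write to (a signed e-mail to a second mailbox, a WORM bucket, a ticket) and compare against it when you verify.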

CCPA (California Consumer Privacy Act)

https://dataprivacymanager.net/ccpa-vs-gdpr/

INTELLECTUAL PROPERTY
▪ Trademarks
▪ Brand names
▪ Domain names
▪ Designs
▪ Patents
▪ Code
▪ Text copy
▪ Music
▪ Video
▪ Photo
▪ Ideas (an idea as such is not protected; only its concrete expression or implementation is)
▪ Research
▪ Etc.

Good faith vs bad faith

PROTECTING YOUR BRAND
▪ Register your brand name and logo, preferably via the Madrid System (WIPO)
▪ Register as many relevant domain names as possible (and affordable)
▪ Use services to monitor your brand registration
▪ Set up Google Alerts
▪ Send cease-and-desist notifications for possible infringements
▪ Exclude partners/affiliates from advertising on your brand name (if you advertise
yourself in Google) in your agreements/conditions
▪ https://support.google.com/adspolicy/answer/2562124
▪ Request brand protection at Google (a trademark complaint stops other advertisers from using your
brand name in their ad text; it generally does not stop them bidding on it as a keyword)

COPYRIGHT: working with creative work
▪ Designers, photographers, agencies, freelancers etc.
▪ If you are free to set the terms (not buying from a platform): demand unlimited,
exclusive, global, perpetual and irrevocable rights, i.e. full ownership without any
obligation to credit the source/creator (note: in many EU countries the creator's moral
rights cannot be signed away)
▪ If you buy from a platform: check the conditions and match them to your use case (own
website vs campaign, digital vs print, views per year, etc.)

COPYRIGHT: fair use
Fair use is a US doctrine; most EU countries instead have a closed list of narrower exceptions
(e.g. quotation, parody, education), so check the rules of the country you operate in. Typical
fair-use purposes:
▪ Criticism and commentary
▪ News reporting
▪ Research and scholarship
▪ Nonprofit educational uses
▪ Parody

Check:
▪ Are you creating something new or just copying?
▪ Are you competing with the source you're copying from?
▪ Giving the author credit does not always let you off the hook
▪ The more you take, the less fair your use is likely to be

THE END
▪ Next session about:
▪ 3A: Google Analytics + Google Tag Manager
