Last Tuesday, January 30, we held our webinar “RGPD Consent Management: How to effectively manage legal and regulatory risks”, together with our legal partner ECIX and in the company of all of you.
Was this a necessary webinar? Five years after the start of the implementation of the GDPR, Spain is still the country with the most penalties in Europe (more than twice as many as the second, Italy), and the total amount of fines in 2023 was 2,093 million euros, only in our country. It seems to be less clear how to ensure regulatory compliance in this area and, judging by the figures, devising a risk management strategy is highly recommended.
As we have told you in our blog, among other channels, the risk self-analysis, the reasons for sanctions, the management of GDPR consents in compliance and the use of technology to achieve this were the main lines of action. Teresa Arandilla, Commercial Director of Legal Communications at MailComms Group, and David Ferrete, Manager of Governance, Risk & Compliance at ECIX Group, spoke during the session.
After a few minutes of presentation of the level of adaptation of the companies to the European regulation and the sanctioning activity of the Spanish Data Protection Agency, David Ferrete took the floor to explain why companies fail to comply, from a legal standpoint. He highlighted three reasons:
- Lack of proactive responsibility.
- Use of inadequate legitimization bases
- Inadequate traceability and consent management.
And also three solutions or best practices:
- Use of consent as an authorization for processing when the other legal bases are not possible.
- Consent as a secure basis of legitimacy for the company and well regarded by the data subject.
- Legitimate interest and the weighing of interests.
Ferrete also presented some real cases of sanctions that could have been avoided with a valid management of consents and went into more specialized matter with a detailed explanation of the obligations of companies when managing consents in advertising campaigns, regulations in hand.
Teresa Arandilla approached risks and compliance from a technical-organizational perspective. He structured it into three sections:
- Informative: in a reality where there are multiple omnichannel interactions in real time.
- Systems: a large number of systems involved and often interconnected.
- GDPR management: with a main key, it is essential to work with a single vision of the client and a centralized management with the participation of the DPO, CMO and Compliance Officer.
The guarantee of our Consent Hub
A technological solution that guarantees legal compliance with the RGPD, such as the one we offer at MailComms Group with our Consent Hub, has to combine in one place the three points described by Teresa in order to offer guarantees of success. The result is centralized management of the entire consent lifecycle including requesting, obtaining and certifying evidence, safekeeping (for at least 5 years in a secure environment) and reliable data governance. In our case, in addition to our technological and regulatory expertise, we add our accreditation as a trusted electronic services provider to provide greater legal reliability and evidentiary value to the entire process.
The last part of the webinar was dedicated to explaining the collection of consent, whether proactive or reactive, in a dynamic way and the benefits of our proposal. And then, as a finishing touch, there was time for the attendees to participate with questions, comments and suggestions.
But this time did not end with the closing of the seminar. In fact, we invite you to keep it alive.
Do you want to know how we can facilitate your company’s GDPR risk management, avoid sanctions or facilitate your day-to-day business? Please contact us, tell us your case or need and let’s talk about customized solutions for your case.