{"id":1282,"date":"2020-01-28T10:09:18","date_gmt":"2020-01-27T23:09:18","guid":{"rendered":"https:\/\/blog.datatrue.com\/?p=1282"},"modified":"2024-10-22T18:25:03","modified_gmt":"2024-10-22T18:25:03","slug":"data-collection-mistakes-gdpr-violation","status":"publish","type":"post","link":"https:\/\/datatrue.com\/en\/data-collection-mistakes-gdpr-violation\/","title":{"rendered":"3 Data Collection and Management Mistakes that Could Result in a GDPR Violation"},"content":{"rendered":"\n<p>Mishandling customer data has never been good for business, and it became an even more serious issue when the EU\u2019s General Data Protection Regulation (GDPR) went into effect in May 2018. Companies that fail to comply with GDPR requirements, which include strictly limiting access to customers\u2019 Personally Identifiable Information (PII), face fines of up to 4 percent of their total annual global turnover \u2014 a provision that\u2019s already resulted in <a href=\"https:\/\/www.cnbc.com\/2019\/07\/10\/gdpr-fines-vs-marriott-british-air-are-a-warning-for-google-facebook.html\">hundreds of millions in penalties<\/a> for some major global firms.&nbsp;<br><\/p>\n\n\n\n<p>Despite the high potential costs, however, <a href=\"http:\/\/bizblog.cosmobc.com\/2019\/12\/18\/companies-gdpr-compliant\/\">only 28 percent<\/a> of companies said they were fully compliant with the GDPR as of September 2019. Many businesses have invested heavily in technology designed to automate consent tracking (for data collection and email marketing) and customer-initiated data access and redaction \u2014 but data leakage is still a big problem, and human error is a leading cause. 
According to the UK\u2019s <a href=\"https:\/\/www.verdict.co.uk\/uk-data-breaches-human-error\/\">Information Commissioner\u2019s Office<\/a> (ICO), human error was responsible for 88 percent of data breaches in the UK during the past two years, and a <a href=\"https:\/\/www.gdpr365.com\/what-are-the-real-costs-of-gdpr-compliance\/\">2018 report<\/a> from data security firm Netwrix concluded that \u201cinsiders who make mistakes are more dangerous than hackers\u201d.&nbsp;&nbsp;<br><\/p>\n\n\n\n<p>What do these errors look like? And how do you know if you\u2019re unwittingly compromising customer data? Here are three easy-to-make mistakes you should watch out for.&nbsp;<br><\/p>\n\n\n\n<p><strong>#1: Leaving old or unwanted analytics tags on your site<\/strong><br><\/p>\n\n\n\n<p>The average enterprise website uses <a href=\"https:\/\/www.signal.co\/resources\/tag-management-101\/\">as many as 150<\/a> third-party tags to capture customer data and implement marketing automation workflows. Data collection and usage through these tags can be covered under your privacy policy and consent notices \u2014 but only if you know it\u2019s happening. Tags can easily be installed and then forgotten as priorities shift and employees come and go, and piggyback tagging (one tag invoking another) can also result in the addition of dozens of tags without the website owner\u2019s knowledge.&nbsp;<br><\/p>\n\n\n\n<p>If you don\u2019t have a comprehensive picture of the data your tags are collecting, where it\u2019s stored, and how it\u2019s used, you can\u2019t possibly provide security or transparency for your customers as required under the GDPR.
Avoiding this problem is as simple as running regular tag audits and removing anything you didn\u2019t authorize or no longer use.&nbsp;<br><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"707\" height=\"512\" src=\"http:\/\/datatrue.com\/wp-content\/uploads\/2020\/01\/campaign-creators-pypeCEaJeZY-unsplash-707x512-1.jpg\" alt=\"\" class=\"wp-image-225688\" srcset=\"http:\/\/datatrue.com\/wp-content\/uploads\/2020\/01\/campaign-creators-pypeCEaJeZY-unsplash-707x512-1.jpg 707w, http:\/\/datatrue.com\/wp-content\/uploads\/2020\/01\/campaign-creators-pypeCEaJeZY-unsplash-707x512-1-480x348.jpg 480w\" sizes=\"auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) 707px, 100vw\" \/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p><strong>#2: Misdelivering or mis-personalizing emails<\/strong><br><\/p>\n\n\n\n<p>Email is an extremely common and often-overlooked vector for data leakage. One of the most serious issues is misdelivery, in which an email containing customer PII is sent to the wrong recipient. According to a 2018 report, misdelivery accounts for <a href=\"https:\/\/blog.netwrix.com\/2019\/01\/23\/top-5-human-errors-that-impact-data-security\/\">around 62%<\/a> of human error data breaches in healthcare, and it\u2019s a big problem in other industries, as well.&nbsp;<br><\/p>\n\n\n\n<p>Misdelivery can occur on a small scale in one-to-one emails, but it\u2019s truly catastrophic in a one-to-many scenario such as a large email marketing campaign. 
If you personalize your marketing emails in any way, it\u2019s imperative that you have a systematic error-checking process in place, as even basic information such as a username or birthdate could be considered sensitive under the right circumstances.&nbsp;&nbsp;<br><\/p>\n\n\n\n<p><strong>#3: Tracking email activity without customer consent<\/strong><br><\/p>\n\n\n\n<p>Email opens, clicks, and forwards are basic performance metrics for email marketing professionals. These numbers tell us \u201chow our email did\u201d \u2014 but it\u2019s easy to forget that they also tell us <em>what our customers did<\/em>. Email tracking is data about customer behavior, and thus <a href=\"https:\/\/www.pipedrive.com\/en\/blog\/gdpr-email-tracking\">governed under the GDPR<\/a>.&nbsp;<br><\/p>\n\n\n\n<p>If you routinely include tracking code in your marketing emails, you\u2019ll need your customers (or at a minimum any customers based in the EU) to opt in to email tracking. It\u2019s also a good idea to make sure you understand exactly what you\u2019re tracking and where the data is stored, and to routinely scan your emails for any new or unwanted tracking scripts added by your marketing software.&nbsp;<br><\/p>\n\n\n\n<p>Of course, these are far from the only human errors that could compromise your GDPR compliance, but even this short list illustrates the very real risks \u2014 and the fact that basic infrastructure is only the first step. To avoid steep penalties under the GDPR (and similar laws, such as California\u2019s recently enacted CCPA), companies will need to commit to ongoing investment in employee education, training, and automated system monitoring.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mishandling customer data has never been good for business, and it became an even more serious issue when the EU\u2019s General Data Protection Regulation (GDPR) went into effect in May 2018.
Companies that fail to comply with GDPR requirements, which include strictly limiting access to customers\u2019 Personally Identifiable Information (PII), face fines of up to [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":1284,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[11],"tags":[],"class_list":["post-1282","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorised"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>3 Data Collection and Management Mistakes that Could Result in a GDPR Violation - DataTrue<\/title>\n<meta name=\"description\" content=\"Validate data collected by Analytics Tracking Tags in Websites &amp; Mobile apps. Enterprise-grade quality assurance for Reporting, Consent &amp; Privacy Compliance and Agile Development cycles.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/datatrue.com\/en\/data-collection-mistakes-gdpr-violation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"3 Data Collection and Management Mistakes that Could Result in a GDPR Violation - DataTrue\" \/>\n<meta property=\"og:description\" content=\"Validate data collected by Analytics Tracking Tags in Websites &amp; Mobile apps. 
Enterprise-grade quality assurance for Reporting, Consent &amp; Privacy Compliance and Agile Development cycles.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/datatrue.com\/en\/data-collection-mistakes-gdpr-violation\/\" \/>\n<meta property=\"og:site_name\" content=\"DataTrue\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/datatruedigital\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-27T23:09:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-22T18:25:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/datatrue.com\/wp-content\/uploads\/2022\/04\/New-DT-Logo.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1328\" \/>\n\t<meta property=\"og:image:height\" content=\"208\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"DataTrue Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@data_true\" \/>\n<meta name=\"twitter:site\" content=\"@data_true\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"DataTrue Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/\"},\"author\":{\"name\":\"DataTrue Team\",\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/#\\\/schema\\\/person\\\/43e68c18f7eb83e8a1109f2e5ed97123\"},\"headline\":\"3 Data Collection and Management Mistakes that Could Result in a GDPR Violation\",\"datePublished\":\"2020-01-27T23:09:18+00:00\",\"dateModified\":\"2024-10-22T18:25:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/\"},\"wordCount\":714,\"publisher\":{\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"articleSection\":[\"Uncategorised\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/\",\"url\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/\",\"name\":\"3 Data Collection and Management Mistakes that Could Result in a GDPR Violation - DataTrue\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2020-01-27T23:09:18+00:00\",\"dateModified\":\"2024-10-22T18:25:03+00:00\",\"description\":\"Validate data collected by Analytics Tracking Tags 
in Websites & Mobile apps. Enterprise-grade quality assurance for Reporting, Consent & Privacy Compliance and Agile Development cycles.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/data-collection-mistakes-gdpr-violation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/datatrue.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"3 Data Collection and Management Mistakes that Could Result in a GDPR Violation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/datatrue.com\\\/en\\\/\",\"name\":\"DataTrue\",\"description\":\"Web Analytics Quality 
Assurance\",\"publisher\":{\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/datatrue.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/#organization\",\"name\":\"DataTrue\",\"url\":\"https:\\\/\\\/datatrue.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/datatrue.com\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/New-DT-Logo.png\",\"contentUrl\":\"https:\\\/\\\/datatrue.com\\\/wp-content\\\/uploads\\\/2022\\\/04\\\/New-DT-Logo.png\",\"width\":1328,\"height\":208,\"caption\":\"DataTrue\"},\"image\":{\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/datatruedigital\\\/\",\"https:\\\/\\\/x.com\\\/data_true\",\"https:\\\/\\\/www.youtube.com\\\/c\\\/Datatrue\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/datatrue.com\\\/en\\\/#\\\/schema\\\/person\\\/43e68c18f7eb83e8a1109f2e5ed97123\",\"name\":\"DataTrue Team\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/datatrue.com\/en\/wp-json\/wp\/v2\/posts\/1282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/datatrue.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/datatrue.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/datatrue.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/datatrue.com\/en\/wp-json\/wp\/v2\/comments?post=1282"}],"version-history":[{"count":0,"href":"https:\/\/datatrue.com\/en\/wp-json\/wp\/v2\/posts\/1282\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/datatrue.com\/en\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/datatrue.com\/en\/wp-json\/wp\/v2\/media?parent=1282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/datatrue.com\/en\/wp-json\/wp\/v2\/categories?post=1282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/datatrue.com\/en\/wp-json\/wp\/v2\/tags?post=1282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}