The Challenge: Maintaining Compliance with New and Changing Legislation
New location based compliance legislation is increasingly being interpreted differently. Specific countries have their own rules, with countries like Germany and Poland taking a harder stance on the guidelines, it’s critical that businesses with a global presence are responsive to this challenge depending on where their users are operating. In cases where the country can’t be easily identified on submission, the solution would be to lead with privacy compliance of the strictest country.
A part of the challenge is knowing, with confidence, the actual location of web users. The location identified by their IP address may not be reliable if a VPN is in use. They needed the safety net of a manual process for the user to select their country if the automated process had not got it right the first time around.
They also needed to be able to dynamically change opt-in messaging, privacy documentation and individual data capture fields based on whether a country is an explicit or implicit GDPR country. It was also critical this information was processed to support accurate segmentation by maintaining records on new; opted in;
opted out and customer groups.
If they couldn’t find a centralized automated solution they’d either have to have different forms on different country web pages or adopt the strictest opt in everywhere which would affect marketable data.