Here we are: the GDPR is in force. Dreaded by many companies, and sometimes insufficiently (or not at all) anticipated (only 40% of French companies said they were ready), the regulation came into effect on May 25 of this year. This new regulation, which aims to reinforce and standardise data protection for European Internet users, has had a global impact. Why? Because when it comes to protecting personal data, nearly all websites on the planet are concerned. Any company that collects or processes data from European individuals is subject to this regulation.
Régis Sébille is a data analyst at Bien’ici, a real estate listing platform. Having worked on numerous data projects for companies like Redcats and Nexity, he has developed expertise across multiple facets of web analytics. Today he takes stock of the first effects we’ve seen post-GDPR and shares his viewpoint.
The advantage of youth
For a real estate portal like Bien’ici, which aims to connect individuals looking for properties with professionals, data collection is a significant and even highly strategic portion of its activity. Ensuring GDPR compliance was therefore a key step for the company. Regarding the measures to be taken and the actions to implement, the company had already known the basics of the GDPR for at least 2 years (as the regulation was adopted in April 2016).
“We therefore had a fairly clear idea of what to expect. For our company, which will soon be 3 years old, the GDPR has not fundamentally changed the way we process data. While reflecting on and building our platform, we anticipated the main outline of the regulation, notably in terms of structuring our database. For many companies just starting out, the GDPR must be the starting point for a wider protection strategy – the protection of both user privacy and of the company’s sensitive data. It’s about looking to the essence of the regulation in order to adopt the right data governance reflexes,” says Régis Sébille.
Taking the first measures
When the GDPR came into effect, it had direct consequences on Bien’ici’s website and its communication to users.
“We immediately responded to the obligations outlined in the text by:
- Adding legal specifications in our cookie information banner
- Updating our terms and conditions to further inform customers about the third-party cookies used (notably about retargeting cookies)
- Respecting the conditions for collecting information and processing changes to opt-in/opt-out requests
Finally, in compliance with the Regulation’s directives, we worked to raise awareness of the regulation amongst our internal teams: in our administrative services and HR, but also amongst people in charge of our CRM and emailing activities. They in particular need to be capable of responding to opt-out requests, which is now part of the law.”
Trusting service providers is essential
“The GDPR also influenced our choice of data providers; we notably needed to ensure they had storage in Europe or that they were Privacy Shield-certified. Therefore, our relationship with our partners, service providers and customers evolved. As an example, at the urging of their legal departments, our advertiser customers have called on us to verify our GDPR compliance, as well as the compliance of our service providers. We must therefore formally justify that we use and process personal data in a GDPR-compliant way. It’s therefore equally as important and reassuring for our service providers to formally justify the framework of their data processing in a document. AT Internet, our web analytics provider, has made a specific contract available confirming this compliance, which is reassuring for us. It precisely defines the types and categories of collected data, as well as the nature, purposes and duration of processing, and the points of contact and responsibilities for each concerned party.”
The GDPR has therefore become a reality. The auditing authorities seem to expect that companies (and especially SMEs) will immediately take these topics into consideration, and begin taking steps for full compliance by 2020. The first penalties have already been handed out to several companies (with fines that can represent up to 4% of total turnover for cases of intentional non-compliance).
Bien’ici is revolutionising real estate property search. Based on innovative 3D cartography technology and a unique experience, Bien’ici answers the expectations and needs of today’s users in search of housing: it not only takes into account the property itself, but also the neighbourhood character, public transport, as well as nearby businesses and schools. Innovative, streamlined, transparent… Bien’ici has set its heart on providing users with a unique experience, whether it’s for a new construction or an existing home. Launched in December 2015, Bien’ici has today won over the general public and is positioned amongst the leaders of PropTech in France.