Yves Marien

Yves Marien

With over 15 years of experience in international programme management, Yves is BlueVenn's GDPR specialist, who ensures that our clients will be legally compliant once new data protection laws come into force.

Yves is also linked to several European universities where he lectures on management and organization.

Yves is a strong believer in long-lasting business relationships that are build on trust and legitimacy. Efficient data protection will strengthen these core values in a globalized digital economy.

Recent Posts by Yves Marien:

GDPR: Seven Questions About Personal Data Breaches

First up, some (sort of) good news. A recent global study conducted by Ponemon Institute found that the average cost to a business of a data breach has declined 10% since 2016, to $3.62 million (£2.79m), or $141/£108 per lost and stolen record.

The not-so-good news is that this decline isn’t likely to continue once the forthcoming General Data Protection Regulation (GDPR) comes into force on May 25, 2018. Not just when you consider the swingeing fines for transgressing GDPR (which can include failing to notify of a breach in time), but the increased costs associated with managing the breach in a timely manner.

Topics: GDPR

GDPR: Four questions about data and 'legitimate interests'

On this date next year, the General Data Protection Regulation will have come into force across Europe and, even with Brexit on the horizon, in the UK, too.

Over the last few months we have covered some of the frequently asked questions about marketing consent, data subject rights and data profiling. This week we look at 'legitimate interests'.

Currently, the guidelines relating to what constitutes as 'legitimate interests' can differ between EU countries. However, an independent advisory board suggests the following assessment take place before any decision is made to process personal data:

Topics: GDPR Article

GDPR: Four questions about data profiling

We are a little over a year away from launch of the General Data Protection Regulation (GDPR) on May 25, 2018. The countdown has begun.

As we have covered in previous GDPR articles, relating to consent and data subject rights, businesses (as a 'data controller' and/or 'data processor') must adhere to new legislation for the collection and use of personal customer data. However, we have yet to talk about an important area that many organizations will want to know more about: 'profiling', and its new definition. 

Topics: GDPR Article

GDPR: Seven questions about data subject rights

While the General Data Protection Regulation will bring many changes, more consistent, comprehensive protection of personal data rights is key to these reforms. Under existing laws, ‘data subjects’ (your customers) have:

  • The right to object to processing for direct marketing
  • Right to be forgotten (e.g. Google’s online search results)
  • The right to make Subject Access Requests (SARs)

However, under GDPR legislation, customers will be able to still be object to processing for direct marketing, but also adds:

  • A right to object to automated processing (profiling) for legitimate interests
  • The right to be forgotten becomes ‘the right to erasure’, which enables data customers to request personal data to be erased ‘without undue delay’
  • Subject Access Requests must now be free of charge

To better understand their responsibilities, here are seven questions marketers should ask about GDPR, data subject rights and SARs:

Topics: GDPR Article

GDPR: Seven questions about marketing consent

Late in March 2017, the ICO reported that it had fined automaker Honda and airline Flybe a combined total of £83,000 ($104,000) for breaching data protection laws, for sending marketing emails to people without the appropriate consent.

These emails, although asking customers to update personal data and marketing preferences, fell afoul of rules as they were considered marketing communications sent to people who had opted out of such messages.

While this was an infringement of the existing Privacy and Electronic Communications Regulations (PECR), it can be seen as a taste of what’s to come under the forthcoming – and stricter – General Data Protection Regulation (GDPR) in May 2018.

Topics: GDPR Article