Amanda McCluney : Jun 5, 2018 7:09:00 AM
Like so many other companies offering products and services to a global audience, the Mertech team recently turned our attention to data, privacy, and new data protection laws going into effect, such as the General Data Protection Regulation. The conclusion we drew was an easy one:
While the Regulation technically applies only to our audience located in the European Union, we know that privacy and data protection are critical for everyone in our community. As a result, we decided to implement a few changes that will have a positive impact for everyone, regardless of their physical whereabouts.
Whether you’re curious about some of the changes that you’ll find throughout the site, or looking for a few best practices to implement in your organization’s marketing, here are 4 areas that played a significant part in our GDPR compliance efforts (you can also find our take on GDPR compliance for databases here).
Disclaimer: This information is not legal advice for your company to use in complying with the EU’s data privacy law, the General Data Protection Regulation. Instead, it provides information to help you better understand some of the legal points covered in the GDPR as they relate to websites and marketing. In summary, we insist you consult an attorney for advice on interpreting GDPR requirements or for particular legal advice.
The GDPR refers to the data subject throughout the legislation; the term is defined as “an identified or identifiable natural person.” To make each of the following points easier to share and understand, we’ll demonstrate using a data subject named John.
At Mertech, we’ve had a Privacy Policy posted on our website for several years, but it was time for a sizeable update that would include a lot of details that were not offered in the past. The main points we added include why and how we collect data, what we do with the data we collect, how we protect the data collected, and the data rights of each subject we have information about.
If it’s time to update your policy, or if you’re just getting started with your first, here are some things to consider:
Building upon the “how we collect data” portion of our Privacy Policy, GDPR mandates that website visitors are given notice that cookies are being used to track their activity. Again, it’s important that this notice be presented in language that they can understand. Furthermore, site visitors must have two options in the notice: an affirmative opt-in or the choice to decline cookies. One helpful hint here is to keep your cookies notice brief and to the point, but you may also want to consider a link in the notice that will take visitors to your complete Privacy Policy, as we’ve done here:
Per GDPR, any organization that is processing the data of an EU-based data subject must have a legal reason to use it. The legislation states that your legal reason must fall into one of six categories (Article 6), although for our community it’s probably safe to say that your legal reasoning will most likely be found in one of the first three listed here:
Additionally, you must log your lawful basis reasoning for John in your contact records. It may be helpful to look into the options available through your CRM or other contact database for tracking and storing this kind of information, which is where we found our solution.
One of the most obvious changes to our website as it relates to GDPR is found in the forms that we use (for downloadable offers, etc.). Each form is now complete with a statement that grants permission for Mertech to “store and process” the information of the person filling it out. And in many cases, you will also find that we offer the option to sign up for a blog subscription or other email list at the same time a visitor is completing a form. The critical part to note here is that per GDPR standards, John must affirmatively opt in to any options, meaning he needs to click on a check box, because pre-selected check boxes are not compliant.
Consent is a significant part of the Regulation, because if our data subject, John, fills out a form on the website, it does not serve as an implicit opt-in to everything that we want to send him. We are approved to reach out to him about the specific request he submitted (such as emailing him the white paper he wanted, or replying to his product question, demo request, etc.) but that’s where communication must cease unless he is a customer who falls under the ‘performance of a contract’ or in some cases ‘legitimate interest’ reasoning for lawful processing.
If your website has any forms for collecting someone’s personal data, such as their name or email address, you should also take steps to gain their consent and log your lawful basis for processing. It may also be helpful to consider adding a link from the form to your complete Privacy Policy so that you can ensure your audience is well-informed about your data practices.
Taking communication consent one step further, the Mertech team launched a campaign to collect updated email preferences from our community. We realized that sometimes people may have a change of opinion about the emails they once signed up for, and although there is a link to update email preferences at the bottom of every email we send, we wanted to make it more obvious to everyone that they have control over their inbox.
The effort was relatively simple, using our marketing platform. Every contact in our database - customer or not - was sent an email with a link to a page showcasing all 4 of the email subscription types we offer, where they could select the emails they want to receive (remember, affirmative opt-in!) and save their preferences. If you are interested in running your own campaign to update email preferences, check with your email or marketing platform to see what kind of options they offer.
One last note about consent, as it applies to GDPR: it must be just as easy for John to withdraw his consent as it is for him to grant it. Including “unsubscribe” and “update my subscription preferences” links at the bottom of every marketing email is the first step.
Second, as we talked about in listing ‘rights for each data subject’ in the Privacy Policy section above, you should also provide John with an email address and/or mailing address where he can withdraw his consent or object to how his data is being processed.
Everyone appreciates new ideas and suggestions! If you are able to offer any insights to the Mertech community based on your own GDPR efforts, please leave a comment below.