Data Security

GDPR: Friend or Foe? (and How to Prepare)

By Nicola Pero 20 June 2017

The EU General Data Protection Regulation (GDPR) has been widely publicised. But what does it mean for your business?

The last time the law on data changed was back in 1995, when just over 23% of households had a computer. Since then, the technological environment we inhabit has shifted beyond recognition:

  • Organisations from banks to hospitals, schools, public authorities and charities all use and hold personal data
  • Social media platforms – Facebook, for example – have 1.01 billion daily active users all uploading personal information such as birthdays, photographs and updates
  • There are 100 billion searches on Google every month that are monitored, tracked and used for a wide array of business promotions

Designed to tackle these changes, the GDPR has been enshrined in law and will be enforced from 25 May 2018.

There’s no denying that change is essential. Seen in these stark terms, the need for reform – the necessity of ensuring that our rights as consumers are protected – is glaring. But should you view the GDPR as a necessary evil? Or should you embrace it as a positive change?

This blog tells you all you need to know about preparing for GDPR, including exploring the implications of tougher regulation, outlining the consequences of failure to comply, and providing advice to ensure you connect data silos effectively.

Getting tough on consent

GDPR covers a range of data-related issues. (For an overview, you might find this guide helpful.) One major change relates to consent. Specifically, it’s about to get much harder for you to obtain it.

At the moment, the Data Protection Directive allows you to market to data collected from potential customers you’ve met at trade shows, for example. However, under GDPR, you’re required to carry out privacy impact assessments, which are designed to give you an understanding of the risks to personal data and privacy.

  • Say goodbye to opt-outs – Under GDPR, the double opt-in (where prospects both fill out a form or tick a box and confirm by email that they want to sign up) is crucial if you want to avoid being fined
  • Introducing the consent lifespan – You need a legitimate reason to communicate with consumers, and consent will be granted for a limited timescale
  • Aggregation has been significantly reduced – No longer will it be easy for you to aggregate data to profile an individual
  • You need consent for data mining and machine learning – So those advanced digital marketing techniques will be harder to implement in the future

I know it sounds prohibitive, but it doesn’t need to be. If you act now, you’ll secure consent from your existing data for continuing communication. You also have the option to purchase data and secure opt-in from those contacts, too.

In other words, see GDPR as an opportunity. Not only can you review and refine your data processes, but you can also make changes to ensure you’re doing better, building trust in your business and your brand.

The impact isn’t limited to marketing

Remember, it’s not just the way that your marketing department operates that will need to change. The protection of personal data and privacy are built into all business processes – and flow through every department – so you’ll need to evaluate the way your whole business works.

  • Change the way you store every piece of information about a consumer – Data held in silos from online and offline channels needs to be integrated
  • Consumers can legally request all data about them – That means you need to be ready to send anything from meter readings (for utility companies) to appointment history (for dentists)
  • Take time now to implement the correct processes or infrastructure – Otherwise your business could incur huge operational costs

Can you feel a data-induced headache coming on? It’s actually relatively straightforward to make data more accessible by using technology that sits above databases to store siloed data.

What’s more, it’s also your chance to transform your business, getting rid of outdated processes and making you transparent and accountable to your customers.

Consumer control is on the up

Under GDPR, consumers can demand greater access to their data, and their new rights can be used against you in court.

  • The right to be forgotten – Consumers can demand that their personal data be deleted and destroyed
  • Data portability – They also have the right to request that their data is moved from one entity to another
  • The right to sue – If they’re distressed by a breach of the GDPR law, consumers are now able to take legal action against you

You need to see these new rights in the context of the breach disclosure requirement. Under GDPR, you need to report security and confidentiality breaches to the regulators as well as the people affected.

Fines for non-compliance are high

It’s important to remember that failure to comply will be publicised, damaging both your finances and your reputation.

With the impending GDPR, things are set to get more stringent. For example, regulators will be able to intervene more readily in businesses and their operations in order to shape how personal data is used. They’ll also be able to impose even greater fines for non-compliance: up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is greater.

What impact will Brexit have on GDPR?

Given that we’re set to leave the EU – with the finer details of how that will look very much still to be resolved – you’re probably wondering how relevant this legislation will become. However the situation unfurls, we’ll still be an EU member in May 2018.

  • Karen Bradley, Secretary of State for Culture, Media and Sport, said last year it would be ‘expected and quite normal for us to opt into the GDPR’
  • She’s also stated that the government will ‘look how best we might be able to help British businesses with data protection while maintaining high levels of protection for members of the public’

How can you prepare for GDPR?

Finally, like everything in life, a bit of preparation goes a long way. As a number of businesses have already discovered, it pays off in the long run to integrate your data silos, bringing together behavioural, social, transactional, descriptive and product data into a single system.

A data management platform significantly reduces the risks associated with not being able to find data or action a request. And a holistic view of all individuals interacting with your organisation also delivers significant long-term benefits.

  • A complete view of the customer journey gives you the power to increase revenues and reduce churn
  • You’ll develop the ability to identify and manage customer interactions
  • Plus, you can target individuals with more tailored, contextual offers across multiple channels

In other words, what starts out as a risk reduction exercise becomes a way of creating new revenue-generating applications and services for your business, while simultaneously boosting customer satisfaction.

GDPR is most definitely friend rather than foe, and it’s time to take action.

Engage Hub can help you integrate your data silos. Find out more here.


Nicola Pero is the Chief Technology Officer and has been with the company since 2000. He is the driving force behind the company's highly successful and innovative technology and products. Nicola studied theoretical physics at university and was very active in the open source and free software community for almost a decade. He more recently completed an MBA at London Business School.
