How to Prevent your Data being Outlawed

When the new EU data law, or General Data Protection Regulation (GDPR), comes into force some brands will find their consumer data effectively outlawed. For the unprepared the new stricter compliance rules come with an accompanying fine of up to 10 million Euros or one per cent of turnover, plus the possibility of consumers being able to claim damages for misuse of data.

However frustrating the new regulation may be, brands and agencies do need to prepare to be data compliant, or write off consumer information as untouchable.

The basic tasks are auditing to ensure data meets the new opt in permission based regulations, refreshing it to the new standard where it is not, creating an effective storing system for consent forms, and providing a data removal system for when consumers act upon their right ‘to be forgotten.’

There are very few brands or agencies equipped to manage compliance tasks on their own. It is therefore important to take as much advice as possible, but only from established reliable sources. Inevitably an industry of compliance consultants of various types will emerge, but only those with an existing background in handling compliance involving high volume data and market planning should be considered. They will have a heritage in compliance preparation based on existing law, plus they will understand the current technical situation most companies find themselves in, and how change should be applied.

Every company that uses consumer data should appoint an individual ultimately responsible for overseeing the introduction of the new regulations. New compliance protocol should be clearly set out and made known to all marketing or agency personnel with guidelines on what they can do in terms of data. Within those boundaries they will be free to plan and be creative. If they are constantly reviewing activity for compliance everything they do will be handicapped.

The forthcoming law will mean data audits and protocol change for every company that uses consumer data. It will not be possible to plan and implement new processes quickly. In administrative terms, months of work may be involved, often involving changes to software.

Although the new EU law may not come into effect until the end 2017, or even later, it will take some brands a full two years to prepare. In this situation putting off compliance is a high risk strategy. Being caught unprepared could be costly in terms of financial penalties, but also in damage to brand reputation.

To be able to use existing data there are two key criteria that will have to be met. It is necessary to check whether the level of opt in permission meets the new unambiguous terms required, and whether every individual opt in consent form for every consumer has been kept – either in electronic or paper form.

Storing consent forms is something that most data owners have never done as it has not been necessary, but in future will have to be presented if requested by the Information Commissioner’s Office (ICO). This is further complicated by the fact that few, if any, CRM systems have facilities for storing electronic consent forms.

What this means is that the majority of existing data consent will have to be refreshed by contacting consumers, and each consent form stored.

The other key element to put in place is the facility for consumer to have their data removed if they request it. A method through which this can be done quickly and efficiently will have to be established, including an nominated contact point that members of the public can easily identify.

The new law will mean major change, and there will be a temptation to cut corners, or simply ignore some elements of compliance. But this is not a realistic option. It is inevitable that at sometime all companies will come under scrutiny. The likelihood of strict compliance enforcement and accompanying heavy penalties will combine with the possible right of consumers to obtain damages for misuse of data. This could create a compensation trend similar to the PPI situation. Nobody knows, but the possibility exists.

Once the new compliance regulations have been met it will be sensible to adopt a data regime that includes regular compliance reviews. It is easier to put problems right through scheduled checks than risking sanctions, or having to undertake potentially destabilising major overhauls.

The use of qualified third parties that can objectively assess processes will be a good way of ensuring major compliance updates are not needed, but they will also be able to provide advice on improving practices, including how marketers can make better use of data.

For most brands there will be considerable cost and work involved in becoming GDPR compliant. It is not something to be welcomed, but it does present a positive opportunity. If you have to refresh opt in permission by creating dialogue with customers and prospects, you can use it to find out much more about them, their true buying potential, what their trigger points are, and even make direct offers. GDPR has to be tackled, so it is worth considering using it as a catalyst that enables information gathering that drives income beyond the time and costs imposed by new regulations.

For many brands what may be most effective is the use of sophisticated telemarketing using well trained operators that that can work to multi layered scripting. They will be able to accurately interview consumers to establish buying triggers, while appearing to conduct a non-interrogative dialogue. They can gain valuable information on the buying potential of individuals, record verbal opt in permission, and make any one of a range of different offers based on the details they obtain.

The new EU law presents brands and agencies with an unwanted challenge in understanding and working to new regulations, but within it is the possibility of improving dialogue with customers and prospects, and obtaining benefit if GDPR is tackled positively. The investment used in addressing the new regulations can be more than paid for by using it to generate sales and generated valuable consumer information.

By Jeremy Whitaker, chairman of Verso Group.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

Latest articles

5G will advance all of society as we know it

How empathy, ahead of tech, will be the key driver of business recovery post-coronavirus

Automation: a faceless route to customer alienation or a productivity driver?

The importance of data collaboration for marketers

Post-lockdown â€“ planning for your businessâ€™ road to recovery

The 4Ps plus purpose are the key to thriving in the 2020s

Join todayâ€™s data privacy and cyber security virtual event

Behavioural change, nudge theory and ultimate benefit â€“ why isnâ€™t the trial COVID tracking app harnessing the best in tech?

Turning Global Data Protection Into Global Opportunity

Weathering the storm: How cloud technology can help marketers to succeed remotely

Data Legislation Education: Businesses Must Boost Knowledge

Are you a digital polluter? Why advertisers must now end online waste in order to survive

Three key questions businesses should ask themselves before investing in AI tech

Hidden stakeholders: Why CISOs hold the key to successful digital transformation

The IAB Europe Guide to Cookies: Privacy Promises Should Do More Than Crumble

How to Prevent your Data being Outlawed

By Jeremy Whitaker

Posted in Data on 28 May 2015, 12:00, 0 Comments.