The long-awaited General Data Protection Regulation (GDPR) is now less than a year away.
It is scheduled to come into effect on 25 May 2018 and will inevitably affect the way in which marketers attract and retain customers. Regulators all agree that this shake-up is extremely overdue as it will finally harmonise how data is processed and handled across Europe, something that has long been lacking.
The regulation is set to replace outdated data protection laws that were introduced in the 1990s, well before the explosion of the internet and subsequent digital methods of gathering and storing information. The GDPR will pose a challenge for businesses across a variety of sectors and could cause a headache for marketers in particular. However, GDPR compliance is a legal obligation, not a choice, therefore marketers need to take action now to ensure the regulation doesn’t stifle their marketing strategies.
Counting down the business days
While its implementation date may still be 360 days away, GDPR is only 183 business days away. When put into this context, it suddenly no longer sounds like a distant prospect; it really is just around the corner. Marketers should, therefore, get their skates on and start preparing from today. It’s important to note that GDPR will affect all business sectors; nobody is exempt. Any business that handles, stores, collects and manages customer data will have to comply with extra responsibilities for both data controllers and processors. This will range from large financial service institutions right through to independent coffee shops operating public wifi networks. All company staff members should have been educated, have awareness of the GDPR and understand how data should be internally managed.
GDPR preparation checklist
While the intricate details of GDPR are still being determined by regulators, marketers can start preparing today by following the below checklist:
• Data audit – Marketers should conduct a thorough audit of their data estate. This should determine exactly what data they have, in terms of the age and quality of the data. In addition, it will help clarify what business rules and permissions are in place. Marketers should also examine data channels, looking at how the data is refreshed, updated and deleted. Questions around what systems are in place for data storage should also be addressed.
• Information security – It’s important to understand what security is in place and how your data is ring fenced.
• Consent –The findings of the data audit will determine what consent permissions exist and what consent needs to be re-obtained. This will drive what’s required when conducting a consent permission exercise. Marketers should also clearly explain and be transparent about what the data will be used for (e.g. profiling), and how the customers will stand to benefit from sharing data, for example by receiving more tailored promotional offers.
• Data portability – Marketers should acknowledge that data belongs to the customer and therefore must support them in moving the data should they wish to cut ties with a company.
• Right to be forgotten – If customers no longer want to be contacted, then marketers must respect this choice and ensure the customer needs are met. Suppression of data needs to be built into any marketing and campaign processing; it doesn’t reflect well if you contact a consumer who had specifically asked not to be contacted.
• Data strategy – With all the above in mind, it’s a good idea to have a data governance strategy in place to ensure the ownership, accountability, availability, integrity, and ultimately the security of the data. Above all, the data is the crown jewel and most prized asset of your business so should be treated with respect.
Scaremongering statistics
It is true that marketers have a right to be worried about the implementation of GDPR. There has been a significant amount of scaremongering in the media; in part stemming from the uncertainty around how exactly the GDPR will be implemented. It is true that failure to comply with the new guidelines will result in a fine of up to €20 million or four per cent of turnover (whichever is greater). Instead of fretting about these shocking statistics, marketers should turn their attention to adhering to the existing guidelines set out by the Information Commissioner’s Office. If marketers do this, then they have little reason to worry.
Look on the bright side
Too much emphasis has been placed on the negative aspects of GDPR. Granted, GDPR will require companies around Europe to invest time and money overhauling existing work processes and data storage systems; however, companies will reap the rewards in the long-run. Companies have become too focused on the volume of customer data in recent years when in reality they should recognise that the priority should be around quality rather than quantity of data. By restructuring these collection and storage processes, marketers will foster a healthier and open relationship with the customer based on mutual understanding, transparency and trust, which in term will strengthen company reputation. Marketers will soon realise that more engaged and positively disposed customers will be the real key to continued business success.
By Andrew Bridges, data quality and governance manager at REaD Group
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
comments powered by Disqus