The ethical and financial penalties for violating GDPR are so major that every company must shift how it manages big data, said IBM’s vice president of Security.
If you use the internet, and you do use the internet, your email inbox has been filled with privacy notifications since 25th May 2018. That was when the GDPR was implemented. However, who and what is the General Data Protection Regulation protecting?
In today’s connected world, personal data is being collected at a remarkable rate.
The websites you use, the places you visit, the calls you make and even the photos you take are all recorded, measured and leave a digital impression – an impression that is fast becoming a valuable resource.
In May 2017, The Economist called personal data “the world’s most valuable resource”, ahead of oil. Because personal data is so valuable and so vulnerable to misuse or theft, consumers are demanding to know how companies use and store it. This is because, overall, consumers are not convinced that companies are doing enough to protect them.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new digital privacy regulation that was introduced on May 25th, 2018. It consolidates wide-ranging privacy legislation across the EU into one central set of rules that will protect users in all member states.
This means companies will now need to build privacy settings into their websites and digital products. Companies also need to conduct privacy impact assessments on a regular basis and toughen the way they obtain permission to use data.
Also, because it is a regulation and not a directive, it is legally binding, which means it cannot be ignored or opted out of. In fact, failing to comply could lead to penalties of up to 20 million euros or 4% of your global turnover!
What are the changes brought by GDPR?
One significant change is the change in approach towards data privacy.
This regulation gives residents more power over their data, more control over their information, and allows them to make informed choices before providing personal information to a company or professional.
The central theme of the GDPR is respect for privacy, and it must be present in every strategy, every process, and every tool.
Several decisions that we make in our businesses must consider confidentiality issues. Thus, before selecting a tool or strategy, we should ask ourselves:
- Does it respect the GDPR?
- Will it create or facilitate an obstacle to compliance?
- Does it meet my demands/requirements?
The fundamental reason for introducing this now is that the current EU data privacy regulations are outdated and still based on 1980 data privacy regulations which were updated in 1995. This means that the data privacy principles did not include considerations for smartphones, social media, or even advanced web technology. The GDPR has been introduced to update them.
How does GDPR impact business?
From the outside, GDPR might seem extreme, especially for smaller businesses or solo practitioners.
In reality, there are only three key areas that marketers need to worry about – data permission, data focus and data access.
- Data Permission
Data permission is about managing opt-ins, i.e. individuals requesting to receive promotional material from you. You cannot assume that they want to be contacted. In the future, they need to express consent in a ‘specific, freely given and informed’ way.
Umm, what does that mean?
This means that customers or leads need to physically confirm that they want to be contacted. You have to make sure you’ve sought (and not assumed) permission from your prospects and customers, confirming that they wish to be contacted. For example, ask visitors to specifically opt in to newsletters by ticking the signup box, instead of assuming that visitors who fill out a form want to receive emails from your company.
- Data Access
“The right to be forgotten” became one of the most talked-about topics in EU history. It gives people the right to have inaccurate or outdated personal data removed, and it has already been acted on by companies like Google, which was forced to remove pages from its search engine results to meet the terms.
The introduction of the GDPR offers individuals more control over how their data is collected and used, including the option to access or remove it.
This can be handled simply by adding an unsubscribe link to your email marketing template and linking to a user profile that allows recipients to manage their email preferences.
- Data Focus
Don’t worry; this is not as daunting as it sounds.
This means that you need to focus on the data you require and stop asking for the “nice to have”. For example, if you need to know a visitor’s T-shirt size and inside clothes measurement, and you can prove why you need it, then you can continue asking for it. Also, avoid collecting any needless data and stick with the basics.
- The cost of failing to comply
What happens to the databases obtained prior to the GDPR?
Data obtained before the GDPR needs to be regulated too, as a critical point of the regulation is that all the records stored in a database or a list must be regulated. Hence this data must go through a consent requirement and registration process.
The time limit for GDPR has now passed, and many businesses are already in “panic mode” to make sure they are compliant. The problem is that this leads to mistakes, and these mistakes can be costly.
This is especially so as the Information Commissioner’s Office (ICO) has started to take stricter action on the misuse of personal data.
The ICO has already reported three incidents involving household-name brands that tried to use well-known email activation strategies to reach out to their databases. The campaigns, which were sent by industry giants Honda, Flybe, and Morrisons, asked consumers if they wanted to be contacted by email or any other medium and to update their preferences.
So, how did they contact their customers, you might ask?
They contacted them by email, even those customers who had previously unsubscribed.
And that is a serious breach of an agreement.
- Flybe fined £70,000
- Honda Motor Europe fined £13,000
Who is affected by GDPR?
The physical location of the industry, organisation or business is not as crucial in determining the need to comply with the GDPR. Although European Union countries are likely to see most of the changes, non-EU countries are likely to see more disruption following the introduction of the GDPR.
GDPR is a big transformation in the way companies handle personal data (in EU countries), with penalties of up to 20 million euros if you fail to comply. It has already changed the data strategy in the industry. That is why it is important for you to seek advice from a lawyer to know what is or is not a legal requirement for your business.
Remember, GDPR has not been designed to stop businesses from communicating with their consumers/customers. GDPR will lead to improvements in data quality, which is why the best and most resourceful marketers are seeing the bigger picture in it. It’s an opportunity to go more in-depth rather than using the traditional “one-size-fits-all” approach to marketing.
That being said, the rules for GDPR compliance are quite simple and widely accepted: don’t contact someone unless they specifically ask to be contacted. Don’t assume they want to hear from you, and don’t send them irrelevant information that they didn’t request. Don’t cold contact them. If you do all that, then you are on the way to being GDPR compliant.