Data Protection - What is GDPR and why is it important?
Many consumers are blasé about giving away personal data without any real understanding of what it will be used for. And also, crucially, who will have it. Well, the time for the deep unknown is nearing an end. As next year sees the start of a new data protection era in Europe. Where the General Data Protection Regulation (GDPR) will ensure the use of a consumer’s personal data lays firmly with the individual. Not the organisation.
The Basics of GDPR
The General Data Protection Regulation (GDPR) is Europe’s new legal framework for data protection laws. Its role is to supersize the power of the UK Data Protection Act 1998 (DPA). Reining in the overzealous use of personal data. Come 25 May 2018, every organisation that collects personal data will be legally required to be open and transparent about the use of consumers' data. They'll also need to gain explicit consent from their consumers on how they'll use their data.
Following Brexit, GDPR will still apply to all UK businesses and organisations that trade within the EU. Although, the UK will also be implementing a new Data Protection Bill. This will serve as the UK’s equivalent to GDPR.
Under the GDPR framework, the definition of personal data is:
“Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Who has your personal data?
A recent CIM study reports that, “Just 8% of customers understand where and how organisations use their personal data. A huge 31% of consumers don't have a clue."
How often do you surrender your name, email address and more in return for a service? For a free email account? The promise of discount vouchers, a competition entry, or just simply a newsletter?
Right now, organisations control what they can do with their customer's personal data. This includes who they can share it with. However, the GDPR is looming over businesses to give control to the consumers. This may seem like it will impact businesses and organisations negatively, but this change in legislation is a fantastic opportunity for your brand. Embracing the transparency that the GDPR brings will create a strong relationship with your customers; built on honesty and trust.
5 reasons why GDPR is important
"If you're not paying for a product, then you probably are the product."
An adage, well-known within marketing circles. And now, one which also holds a lot of truth when it comes to our personal data.
At the moment, it may seem the GDPR will cause your organisation issues. However, here's 5 reasons why we think GDPR is important.
1. Greater Data Protection
Under the GDPR, stronger rights are given to individuals over how organisations process their data. Expect to clearly inform your customers on how your brand will use their data. Individuals will be free to request the data a brand holds about them. And, if that data is incorrect or no longer relevant, request that it is either corrected or deleted.
New data portability rules should also make it simpler to ‘migrate’ between different service providers too. Stricter controls will also be in place for brands if data breaches occur. As a result, this should place a greater value on the security of the data it may hold.
2. Build Trust
The GDPR puts the protection of consumers' personal data first. Brands will be able to build an honest and truthful relationship with their customers.
Currently, the 1998 Data Protection Act requires consent for the processing of personal data. However, it allows the use of pre-checked tick boxes, and opt-outs rather than opt-ins. Along with very ambiguous statements about the sharing data, and its use. The result of this is a general distrust of brands' stewardship of the personal data given to them. Yet, consumers rarely question this.
The GDPR is set to change all of this. Brands that view this as an opportunity rather than a burden, should see real benefits in terms of an increase in consumer confidence and trust.
3. Revalue Data
Loopholes in legislation currently allow organisations to obtain ambiguous consent. As a result, it's relatively simple to gain such consent for a wide variety of purposes, and to share, or even sell, that data easily. With consent being so readily available, many businesses see data as a cheap commodity.
Under the GDPR, consent will be very specific. No doubt, this will mean organisations obtain less consent than they do now. However, any data they do gather should have a greater value overall. Brands can expect better engagement as consumers will know where their data is going.
4. Impact on Organisations
The concept of data protection by default and design underpins the GDPR. This means that data protection, or privacy, should be at the core of everything an organisation does. Instead of being an afterthought, hurriedly bolted-on in an effort to ‘tick the box’.
We recommend mapping the data journey through your business. This will bring up opportunities to minimise the amount of data processing. For good practice, inform your customers on exactly how you will use each piece of data. Security will also play a big part here too. The fines for non-compliance, particularly with regard to a breach, are potentially severe.
Under the GDPR, brands will also need to explain why they're collecting personal data and the processing that will happen. This will be in addition to obtaining specific consent from consumers. Also, if a brand intends to share your data with third parties, they must specify who those third parties are, and the purpose for them processing the data.
As a result of the new regulations, brands will find consumer confidence increases. Especially for the brands that are being open and honest about collecting and processing personal data. The value of data held by organisations will also increase following the launch of the GDPR. As specific consent will have been given for the collection, use and processing of customer's personal data.
The old carte blanche approach to the use of capturing data is over; so you should see consumers engage more with your brand. We expect this to be a result from their in-depth involvement in the consent they have given. Along with brands meeting the consumer's expectations as part of this new value-exchange.
Hopefully, like us, you're now starting to see the GDPR as a real opportunity for your business.
For more information, please speak to a member of our team by calling us on 01787 388038, or send us a message by clicking filling out our contact form.