Due to the European Union’s new data privacy law, customer engagement and cybersecurity are about to get a major update. On May 25, 2018, the General Data Protection Regulation (GDPR) will come into effect, and many organisations are wondering how this is going to impact their business.
From the consumer perspective, the situation is fairly clear. The data privacy rules are intended to give EU citizens more control over how their personal information is used. From the business perspective, GDPR means companies need to rethink how they conduct their marketing and communication activities.
There’s been a constant flow of information from consumers to businesses, from location check-ins to browsing history. Accountability for that information is absolutely vital for consumer trust, and that’s where GDPR comes in.
Under GDPR, consumers have more control over the privacy of their personal information. Businesses operating in the EU need to obtain explicit, individual consent specifying which personal data they’re permitted to collect and process. Companies must also prove they have a strong understanding of where they store that data, as well as who can access it and how. To maintain that security system, most companies will need to make use of a full-time data protection officer.
This may sound like a lot, but adhering to GDPR is beneficial for both the business and the consumer. The regulation simplifies what data protection entails by requiring all companies to follow one standard. It also encourages companies to treat personal data with more discipline, which then strengthens consumer trust.
How does GDPR change customer communication?
Customer service and marketing can play a significant role in sales activities, from e-mail newsletters to online help desks and social media. Since existing data – not just new data – is subject to GDPR, companies will have to mind the gap between their current state of compliance and the new GDPR requirements. In many cases, businesses may have to ask individuals to give their explicit consent for data they already possess. Old permissions, pre-checked boxes, and implied consent are no longer good enough. Businesses may have to adjust their privacy statements and disclosures accordingly.
Businesses need to know what counts as personal data and which rights are granted under GDPR. Personal data includes basic identity information, web data (such as IP address), health and genetic data, and political affiliations. Under GDPR, individuals will have the right to give and revoke permission for their data to be stored and used. They can also ask for access to all the data a company has already gathered from them, and restrict the data used for direct marketing.
More importantly, companies need to be prepared to handle each type of situation. For instance, how will you go about asking for explicit consent? If someone requests a file with all their data, how can you confirm that person is who they say they are? If someone wants their data erased, can you quickly and easily locate all places where their data is stored? What will you do if a data breach occurs?
GDPR guidelines aren’t a suggestion – they’re a requirement which will be enforced from May 25 onward. Companies found not to be GDPR compliant risk heavy penalties. Penalties fall under a two-tier structure: a company that fails to meet GDPR requirements can get slapped with a €10 million fine, or two per cent of global revenue, whichever is higher. Companies can face twice that penalty if they violate the rights and freedoms of people whose information they’ve gathered. Violations can come in the form of hacking and data breaches, for example.
With such high risks involved, companies can’t afford to fall short on GDPR rules. That’s why an IT consulting organisation such as Kinetix offers GDPR support in their personalised solutions. Since most IT security systems and policies will require changes, Kinetix helps companies set up smart technologies that can best facilitate those changes. Kinetix also recommends practices that will reduce the risk of violations and data breaches. When it comes to protecting your customers’ data, a proactive and preventative approach is the best approach.
With a clear, step-by-step plan, companies can make a smooth transition into the new EU data protection standard. Penalties aside, understanding your data should be a top priority for any responsible company that values customer service. Once GDPR is in place, data ownership will fall in the hands of the individual. Just like you would take great care if someone let you borrow their car, companies should handle their customers’ data with utmost respect.
The deadline for GDPR compliance is coming up quickly and we encourage businesses to kick-start the process of implementing the changes that are needed within their organisation. If you still have concerns, don’t hesitate to contact us. We’ll help you find an appropriate solution to get your company ready for GDPR.