Unless you’ve been living under a stone, you’ll be aware there’s a new data protection regulation coming into force on Friday May 25: the GDPR, which is striking fear into businesses as they endeavour to ensure compliance in time. There’s no doubt larger organisations, or those handling more sensitive personal information, have faced a monumental task that’s taken months (if not years) of preparation.
The overwhelming message from data protection professionals at the GMA’s recent MINT Data driven Marketing Summit was that very few organisations will be 100% compliant and many may never be. However, even small to medium-sized companies that don’t process much sensitive data would perhaps be unwise to ignore the key GDPR principles of transparency and accountability. Understanding the personal data you process and why, and embracing the GDPR, could be a valuable exercise that reaps rewards.
Jenny Moseley, co-founder of the Data Protection Network, told delegates at the summit that transparency – telling people what you do with their personal data – is key to building brand trust and confidence. Ensuring you have adequate data protection policies in place, training your staff and not retaining personal data when no longer required are all good places to start. Jenny also struck a cautionary note – moving forward, any personal data breach representing a risk to individuals will need to be reported within 72 hours.
That isn’t to say GDPR isn’t an opportunity for businesses to become more efficient and effective. What personal data do you process? Why do you process it? Can you encrypt it or anonymise it? Do you really need it? (And, if you don’t, delete it!) These were all key points raised by Nina Barakzai, group head of Data Protection & Privacy at Sky. If you have made little or no progress on GDPR yet, Nina has a handy 8-point checklist for GDPR Readiness:
- Is there a framework of policies to cover the data we manage?
- What areas of the business need to be involved?
- Who deals with personal data?
- How do we manage ongoing BAU transactions?
- What security measures are in place for internal and external data transfers?
- What are the risks if personal data is handled incorrectly?
- Do we have any areas which need to be treated differently?
- How do we deal with competing interests?
MINT – GDPR & risk
Taking sensible steps will reduce your risk – but what is the risk? A lack of transparency, accountability and security could result in serious damage to reputation and a loss of trust. Tim Roe, Compliance & Deliverability director at RedEye, believes that in considering the risks you should focus on four main factors:
- The impact should something go wrong
- The likelihood of this happening
- The potential fines
and (perhaps more importantly)
- Compensation claims
The level of risk you face will very much depend on the size of your business combined with the nature of the personal data you process.
Data compliance has traditionally been seen as a company’s ‘business prevention unit’, particularly by marketing and technology teams, but a new era of transparency has arrived. This message is now breaking through, according to Michael Bond, head of Data Protection at News UK. Michael says a collaborative approach is far more commonplace with the combined understanding that “if customers trust us, they will share more of their data”.
This view was echoed by Data Protection Network board member, Julia Porter. During her time at the Guardian, she was initially the marketer frustrated by compliance, but learnt the value of joint working across the piece. Julia was at the forefront of the Guardian’s ground-breaking privacy video, aimed at explaining the value exchange between the newspaper and its readers.
You may choose to take a millennial approach of ‘Privacy is dead’, but the message from the GMA’s MINT summit was clear – do so at your own risk. The GDPR doesn’t need to be viewed through the prism of data protection hindering innovation and revenue. Collaborate across your business to build the most effective solutions and demonstrate you care about your customers. As Michael Bond says: “99% of compliance with the GDPR is common sense.”