Technologists, marketers, and business leaders should be very aware, and therefore already well prepared for the upcoming General Data Protection Regulation (GDPR) being fully enforced on 25th May 2018. GDPR will dramatically change the way organisations that manage customer data and operate using data generally, meaning two things for international businesses across the EU:
1) Preparation to become compliant should now be well under way for every business, and
2) Businesses should be thinking about how to best embrace the new customer-centric mode of business that GDPR will bring.
As we've seen internationally, all too frequently, data management and data breaches are a serious business, especially in light of recent events like Crash Override, Titan, and Uber hacks- it all shows the seriousness of a breach on your consumers and on the business results. In addition to the heavy reputational cost of a breach like Uber's, the new financial cost of the fines that the GDPR can levy of up to 20 million Euros, could certainly bankrupt many companies, too.
Clearly the preparation for GDPR is somewhat of a burden, and there are those who have not begun their journey towards compliance. Organisational surveys indicate some businesses are overconfident and even unaware of what GDPR will mean for their organisation, with nearly half (42%) of websites still non-compliant, according to Ensighten's own research.
What's even more shocking is that over a quarter (26%) of brands claim they will not be making any changes to their data management or collection processes post-GDPR, indicating that they believe they're already secure and compliant. That's quite a claim for an untested and very different data regime.
It's of real concern that hacks and data leaks are so prevalent in this current economic climate. Consumers are asking brands with masses of their data why they have it, and if they are diligently protecting it. As a society we have no choice but to make this year a better one for data protection and governance. Cyber-attacks, from the likes of Triton, are unlikely to slow down, so businesses should utilise GDPR as part of their defence. They can begin this process by improving transparency through customer communication and notification, and taking more accountability for data.
Ultimately, brands who carefully treat data and customers with respect will win, while those that don't, will pay the price reputationally and financially – one way.
The value exchange between business and customer
GDPR ultimately requires companies to explicitly make clear to customers that they are providing their consent before they can market to them – whether it's when customers enter websites or in a retail environment. For instance before data collection, businesses must clarify 1) The customer has consented, and 2) What exactly they're consenting to and where their data will go.
Businesses, to maintain excellent reputations, first need to instil a good relationship with their consumers. Part of that is being completely transparent. GDPR means businesses giving customers the power to view the data companies have on them while giving consumers the chance to review their options – which could be deletion.
An astonishing 46% of UK marketers believing their company isn't responsible for data collection across its digital properties. It is clear there is a need to educate marketers that responsibility and accountability is fundamental to maintain good relationships with consumers.
The brand touchpoint – a compliant and accountable website
Currently there is an issue of lack of visibility as to which third parties are piggybacking on a brand's website, which means customer data is currently being shared to unbeknown third parties – introducing the issue of uncontrolled data. Marketers should therefore consider using a data platform tool which provides this, and most importantly, blocks them.
With consumer questions circulating it's important to understand GDPR's strengths. Ensuring that brands are consistently communicating in a more open and transparent way with their customers, will put more emphasis on a personalised customer experience. It gives customers back relevant content, i.e. adverts and suggestions.
Steps international businesses can take to make 2018 a better year for data – becoming GDPR compliant
- Speak to your digital marketing suppliers about the steps they are taking to protect your customers and update your contracts with them.
- Secure the site: Use a privacy solution that gives a single source of information about outgoing data flow from your website, alongside a single point of control.
- Introduce clear data consent options to consumers for every communication method, and make a record.
- Educate your marketing team so they understand their role in remaining compliant and do not unknowingly breach regulations when communicating.
- Hire a dedicated specialist to cover GDPR responsibilities or seek legal advice to ensure your particular models are legitimate.
Ian Woolley is Chief Revenue Officer at Ensighten.