Do you have a handle on your data? As GDPR comes in next year, it’s time to get acquainted with the new rules which will sharpen up your data processes. But it’s not all bad news: there are opportunities for your business from GDPR too.

The EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 to ensure companies are using personal data legally and transparently. This represents a seismic shift back towards putting individual consumers in control of their data.

Many people don’t realise the opportunities that come with GDPR; yes, it does create a little extra planning and work, but we believe the benefits outweigh the time spent on it.

In this post, we’ll set out what GDPR means for the future of data, and how it can streamline the way you work with it.

GDPR: the basics

Who does GDPR apply to?

Anyone who controls or processes the personal data of people within the EU (the regulation calls these people ‘data subjects’). Note that you don’t have to be based in the EU for GDPR to apply to you; if you’re processing the personal data of data subjects, you need to comply.

What kind of data does GDPR cover?

GDPR covers any personal data that relates to an individual. This includes, but is not limited to, names, addresses, email addresses, IP addresses, customer lists and cookies, and sensitive data relating to health or genetics.

From a marketing point of view, the focus has very much been on email addresses, but you shouldn’t forget anything else that identifies an individual – even a job title and company name.

Article 5 of the GDPR sets out the key features of the legislation. Data must be:

  • Processed lawfully, fairly and in a transparent manner in relation to individuals
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • Kept in a form that permits identification of data subjects for no longer than is necessary. Data must only be stored for longer periods for archiving purposes in the public interest
  • Processed in a manner that ensures appropriate security of the personal data

What are the rights of individuals?

The EU has outlined eight rights that individuals have when it comes to the way their personal data is stored and processed:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

How does GDPR relate to consent?

GDPR means you must satisfy at least one of six legal grounds in order to process data:

  • the data subject has given consent to the processing of their personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by a controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. This shall not apply to processing carried out by public authorities in the performance of their tasks.

The first, and perhaps the most important of these, is consent. Consent must be a “freely given, specific, informed and unambiguous indication of the individual’s wishes.”

As part of GDPR you should review how you ask for consent, ensuring it is ‘specific, granular, clear, prominent, opt-in, properly documented and easily withdrawn.’ How you store and use data is as important as how you ask for it in the first place.

How can you comply, and what happens if you don’t?

What often makes headlines are the fines relating to non-compliance or data breaches under the GDPR – up to €20m or 4% of your company’s annual turnover, whichever is higher. Under the current UK Data Protection Act the fines are a maximum of £500,000, so you can see why GDPR is changing the landscape.

To comply with GDPR, a good first step would be to review the following:

  • How you process data and accompanying documentation
  • How your team understand data protection and GDPR
  • Data security
  • The amount of data you collect and store
  • Your consent process – how records of consent are kept and whether it is clear to customers how data is used
  • Whether any data is used by a third party

Once you have reviewed all of these elements of data control and processing, you need to take steps to make your data handling GDPR-compliant.

This could involve changing security protocols or rewriting your consent questions. You should also consider an opt-in campaign with your new consent processes, so customers on your lists can agree (or disagree) to how you’ll use their data.

The opportunities GDPR creates

GDPR is more than ticking a legal box; it’s about taking a new approach to data, and we feel there are many opportunities available. Here we’ll cover some of the main benefits.

The first of these is being able to open up conversations with customers about their data. Secondly, we’ll look at how the GDPR improves the quality of your data, and thirdly how asking for consent creates customer feedback too.

1. Enable open conversations with your customers

This legislation has come about, in part, because of concern around how data is used. As individuals, we give away a lot of personal data every day – when we shop online, when we accept email marketing, even when we’re doing something as simple as paying for car parking. Technology saves us time on everyday activities, but the price is our personal data.

This has led to an inevitable backlash, where consumers have come to mistrust companies’ use of data, due to simple fear of the unknown. What hasn’t helped is the odd sly marketing trick, pre-ticked consent boxes for example, which put customers on the back foot and make them feel like companies are trying to catch them out and pinch their data for nefarious purposes.

Of course, this isn’t the case for 99.9% of companies. Data is used to improve services, lower costs, and all sorts of legitimate reasons. GDPR is your chance to show how proud you are of your intelligent use of data, and how this benefits the customer.

As a company, you’ll hold a lot of personal data (some more than others), and many consumers are uneasy about this. But by complying with GDPR, and putting in the right protocols, you can reassure your customers, and regain trust.

GDPR means you must review the way you capture, control and process data. So why not use it to inform your customers about how you intend to approach personal data from now on? Tell your customers:

  • The records you hold about them
  • How you use personal data
  • How to opt-out

This process puts your customers back in control of their personal data. They know exactly where they stand and what they can do. Some may opt-out, but you’ll find that the ones who stay will be much happier about giving you their custom.

2. Improve the quality of your data

Once you have implemented the changes GDPR requires, you will find that the quality of your data has improved. For example, by asking customers to opt-in again, you are likely to find the most-engaged and best quality leads stay with you. Those who are truly interested in your product or service will be keener to stay subscribed.

Old data and cold leads will slip away, meaning you can concentrate on the customers who matter. Your lists may shrink, but you’ll have a streamlined list of engaged leads.

When reviewing your data, you may also find you ask for and keep data that you simply do not use. Going through the GDPR process allows you to refine what you need. Holding too much data can concern your customers and pose a security risk. Remove what you never use, and you’ll find it easier to use and interpret your data as well.

3. Collect customer feedback via consent questions

One critical element of GDPR is consent, which is how you ask for personal data when a transaction or communication takes place. This needs to be freely given by the individual as well as very clear – this means you must ask specific questions which comply with GDPR, but these also help you collect and segment your data more effectively.

A good way to ask for consent is by being specific and deliberate, asking the individual exactly how they would like their data to be controlled and processed. This provides the individual with control, and gives you a way to gain feedback on how people like to be contacted.

Econsultancy recently wrote an excellent piece on the topic, with many useful examples of good consent questions from leading brands. One of the most common ways to do this is by asking people if they’d like to be contacted by email, text, phone or post. Create separate questions for each medium and then analyse which most people prefer. You have consent and an instant idea of which medium to invest your marketing efforts in.

These are just three of the many opportunities GDPR brings to you as a business owner or marketer, and these benefits will also lead to other opportunities for your business.

Increased customer loyalty could help you identify brand advocates that you can work with on product development. Better data quality can also mean lower storage costs: once you remove the deadwood, you’ll be saving vital server space or reducing costly Cloud storage subscriptions.

Get set for GDPR with Databoxer

If you are not on your journey to GDPR compliance, then you’ll still have a fair amount of work to do to get there. And you must be compliant by 25 May 2018, or risk heavy fines. Plus, the earlier you get ready for GDPR, the sooner you can benefit from it – and put your mind to rest!

Databoxer provides a streamlined way for you to manage consents, and for your customers to control their data. Our compliance widget can be added to your website in minutes and integrates with major marketing platforms. It’s simple to add consent questions and all data is securely processed and stored too.

Your next steps

Seize the opportunities that GDPR brings, with Databoxer. Learn more or sign up for our beta program today.
