As the world accrues more information, the internet age is quickly transforming into the data age. More data has been generated in the past two years than in all of human history. For brands, that torrent of information comes with new challenges and opportunities.
Data Protection Regulation and European Standards
One of the most exciting milestones of the data age has arrived. It’s a new European standard that will have globally reaching effects: the General Data Protection Regulation (GDPR). Adopted in April, it begins its transition now to full application in May 2018, when it will ensure a new era in consumer data privacy and control.
Data protection regulation isn’t exactly new. The GDPR’s predecessor, 1995’s Data Protection Directive, will have completed its 23-year service to EU citizens when the GDPR is implemented.
But 23 years is an eon in the IT world. It’s not surprising that legislation that was crafted when desktops ran Windows 95 and eBay was a startup no longer meets present needs. (Many current users weren’t even born!)
Instead, the GDPR will address today’s data privacy and control needs far more comprehensively. New regulation includes data subject consent, data anonymity, breach notification, transborder data transfers, and the appointment of data protection officers.
The GDPR applies if either the data controller/processor — such as Google — or person whose data is collected is based in the EU. In that sense, it has ramifications for any global company servicing Europe’s more than 740 million inhabitants.
And the GDPR will enforce compliance by data controllers and processors with authority to impose hefty fines: up to 4 percent of worldwide turnover. With compliance becoming mandatory in May 2018, companies only have 18 months to prepare. That requires major operational reforms.
A New Era Means a New Opportunity
For brands, these changes pose a great opportunity to cultivate consumer trust and confidence. Those who do it best will win big in market share and brand loyalty.
That requires understanding the consumer’s perspective on his data privacy concerns. So it’s vital to present the GDPR’s principles into your data-gathering engagements in clear, sensible language — not just yesterday’s perfunctory checkboxes for the consumer’s consent but the plain language of engaged consumer understanding.
These engagements need to be precise and, above all, designed to protect the consumer. To execute well in a world of ad blockers and unsubscribe buttons, brands need to get creative. But that’s what they do best, right? As U.K. Information Commissioner Elizabeth Denham put it, “It’s not privacy or innovation — it’s privacy and innovation.”
The payoff? Respecting your customer base through good use of this new privacy framework will greatly enhance consumer trust, respect, and confidence.
Leading the Way and Reaping the Benefits
The GDPR is all about putting control in the hands of consumers, but most consumers don’t know that yet. Many haven’t heard of it, let alone their newly enhanced rights to privacy or even compensation.
And that represents a once-in-a-generation business opportunity to reengage audiences before consumers take the lead. Brands can drive these interactions in a way that lets both parties win.
What will consumers want in the GDPR era? Besides systems that are responsive to their requests and grant them control over their data and how it’s shared, consumers will soon enough learn of — and demand — the basic rights the GDPR grants them:
- The ability to add, change, or withdraw consent
- Data portability
- Data erasure
- The ability to request access or restrict processing
- The ability to lodge a complaint and seek compensation
Coming late to this party won’t inspire the trust that drives brand success. Brands need to understand these concerns and establish trust and confidence early (meaning now).
5 Steps Toward GDPR Compliance and Enhanced Consumer Trust
Let’s review five actions brands can take to align with the GDPR, looking at the regulation as a chance to strengthen consumer trust and engagement.
- Don’t panic! The GDPR means business, but your team shouldn’t be in a frenzy. There’s still time to bring your company into compliance with the new regulation and effectively engage consumers. This should be seen as a business opportunity, not a disabler. Putting your efforts into place now saves you from panicking later.
- Know your flow. It’s vital to understand data’s relationship with your organization — where data enters, its journey, where it resides, and with whom it’s shared. Marketing leaders should begin with initial readiness assessments, gap analyses, and data privacy audits. Once complete, you will have a clear idea of existing data’s volume and nature, as well as how it moves through your organization.
- Get granular. Next, sharpen your focus by completing the Privacy Impact Assessment (PIA). The PIA points out any potential weaknesses relating to systems, processes, data life cycle management, and third-party data sharing. Then, you can identify controls that will better protect the data and reduce the potential for breaches.
- Embrace privacy by design. The "privacy by design" (PbD) approach, an international standard backed by the United Nations and the U.S. government, focuses on privacy and data protection compliance from the start, not as an afterthought. PbD should be integrated into all project and risk management methodologies and policies and any marketing systems that store personal data. PbD works anywhere strategies have privacy implications, such as data-sharing initiatives.
- Marshal your forces. In the final analysis, privacy protection is the responsibility of people, not algorithms or laws. The right team makes all the difference. To this end, marketing leaders should employ a data protection officer and engage cross-disciplinary leaders — experts in technology, analytics, media, and strategy. Together, the team can advance data-driven marketing practices to fulfill the GDPR and strengthen consumer trust with thoughtful privacy-conscious marketing organized around opt-in and informed consumer participation.
Data collection doesn’t have to be intrusive. In fact, it can be a way for brands and consumers to connect with one another. The GDPR provides a perfect opportunity for that connection, so take a close look at your data processes, and transform your collection into a win-win situation — because May 2018 isn’t far off.
Brands still have plenty of time to prepare for GDPR compliance and improve their consumers’ experience, but they need to begin now if they’re going to make their data processes both compliant and engaging.
For our readers in Europe, is your brand prepared to meet the GDPR compliance? For those outside of Europe, how do you feel about the GDPR standards?