GDPR is going to be the buzzword of 2018. The General Data Protection Regulation comes into effect on the 25th of May and will change the way we can market to customers forever.
But how many businesses are prepared for it? Or even know what it is?
In short, GDPR places customers in total control of the data businesses store about them. That means their personal details, what they’ve bought, when and how often – even how they came to be customers in the first place.
Individuals can request a full record of any information stored and demand to be erased if they wish. Technically, they can do that now but the laws are far clearer under the GDPR and any organisation will be legally compelled to comply within a single calendar month.
For most companies, that’s rarely going to be as easy as it sounds. With data management and storage matters likely to complicate things, not to mention staffing time and availability, even small numbers of customers exercising their rights could result in increasingly stretched resources.
But that’s just the tip of the iceberg.
GDPR focuses heavily on ‘consent’. As a result, a range of directives are included which will require business to alter their data collection mechanisms and op-tin rules.
It seems drastic but some businesses will need to renew consent from customers who have been buying for years in order to continue to market products and services from May. They will certainly have to make some major changes to current opt-ins when acquiring new customers. All this means overhauling data collection mechanisms on web sites, phones, emails, in fact any device used to capture information on new customers – digital or other means!
Data security is also a prominent feature of the GDPR. This is hardly surprising given some of the high profile security breaches over recent years. Yahoo, LinkedIn, MySpace and Ebay have all made global headlines in recent times but The Independent Commissioner’s Office (responsible for policing UK data protection laws) regularly fine organisations for data breaches at a national and local level. Last year these included public sector authorities such as Nottinghamshire County & Gloucester City Councils, large companies Talk Talk, Money Supermarket.com and WM Morrisons supermarket, and charities as varied as The Royal British Legion and Battersea Dogs Home. Not even Kent and Greater Manchester Police went under the radar and were one of a few policing intuitions who were penalised.
It’s fair to say that Uber’s recent breach of 57 million users (and their attempt to hide it by paying off the hackers), has put security and GDPR firmly on the radar for 2018.
All in all, the new laws present some considerable challenges for any UK business collecting customer data. Quite how The GDPR will affect businesses is still unknown, as is the leniency, tolerance or indeed ruthlessness of the ICO. However, the principles of the legislation are clear and so are the approaches business needs to be putting in place now. The Government has already confirmed that the GDPR won’t be affected by Brexit so for good and for bad (and it’s not all bad) everyone needs to prepare.
Our strategic marketing team know data! Over 20 years’ marketing and CRM experience within some of the UK’s biggest companies spans the introduction of the previous Data Protection Act in 1998 and will be invaluable in navigating the new laws from May.
It is vital businesses act now as this is the time to be as prepared as possible.
We will continue to update you in the coming months but we recommend acting fast – there are less than 140 days to go to a new way of marketing and communicating with customers. For more information please contact us today.