Announcing GDPR

Announcing GDPR

Michael Brennan

Michael Brennan, consultant at Profusion, discusses the implications of the General Data Protection Regulation (GDPR) for businesses and the challenges it presents.

No, not the latest online dating app, but the European General Data Protection Regulation (GDPR) due to take effect in May 2018. It’s understandable that many may have missed the May 2016 memo (when the legislation passed into European law). There was an important European vote held in the UK the following month after all. But no, Brexit, is not our very own get-out-of-jail card.

The first thing to say on the GDPR is that it represents an evolution rather than a revolution in data protection legislation. It’s fundamentally consistent in its aims and objectives with the current (1998) Data Protection Act for example.

What is truly significant is that we now have a body of law updated to reflect the growth of digital communications, related analytics and data science applications including predictive modelling, the growth of machine learning and the emergence of Artificial Intelligence.

It is also consistent with the growing public appetite for effective protections against online targeting – reflected in the rise of ad blockers for example – and the deep unease surrounding the security of our personal data in light of major data breaches – with 2016 setting a new, unwelcome, record for the volume of personal data exposed by the likes of TalkTalk, Tesco, Three, Yahoo and more.

Under GDPR organisations will face vastly increased fines for such egregious lapses (and any failures in rapid notification) in data security practice – up to 4% of global revenues. For Tesco that might have meant a fine of circa £4bn. Now that’s the sort of impact that will concentrate minds at board level.

As such you would do well to think about GDPR compliance as a key part of your digital and so brand identity – and a potential source of competitive advantage. Mike Bracken at the Co-operative has for example placed being ‘trusted with data’ at the heart of the reboot of the Cooperative proposition (yes retro 70s branding an’ all).

One of the challenging requirements of the legislation is enabling individuals to access, amend and take away their personal data from company records. Personally, I’m excited by the boost this should give to the nascent personal information management services market (PIMS) as promoted by the World Economic Forum over a number of years.

Why has the WEF taken such an interest in this area? Because they clearly see the potential for a public backlash to derail the continuing growth of the digital economy.

Importantly the regulations also require businesses to be able to explain how their predictive algorithms work (in accessible terms) – in the context of taking major decisions with long term impacts on individual lives. I believe this will rapidly become a key element of the responsible business agenda.

Ultimately there is a crucial culture shift required in order to embrace the requirements and opportunities inherent in the legislation, namely a new appreciation and recognition that the individual is the ultimate owner of their own personal data, organisations are custodians, but only for as long as the customer chooses to allow this.

Put simply – think of the protection of our personal data as a 21st century human right

So, how equipped do you feel to communicate and demonstrate a clear value exchange to your current and prospective customers in return for their data? As more operations move toward direct-to-consumer (DTC), subscription or similarly enriched propositions this is arguably the key marketing challenge ahead of us today.

Speak to Profusion today about how we can help you to prepare for the impact of GDPR. Whether it’s reviewing your data architecture and management in light of the new requirements, evaluating your CRM and on-boarding programmes, preparing for the now mandatory privacy impact assessments, or exploring new forms of value exchange for your customers and prospects.

For independent and authoritative guidance on GDPR see the UK Information Commissioners Office (ICO) here or the EU Commission here.