The GDPR Mindset - A Case Study | DMA
DMA - Data and Marketing Association

Filter By

Show All
X
Start Contributing
My Contributions
X
X

Connect to

X

The GDPR Mindset - A Case Study

16 Jul 2019

T-board-3700375_1920-2.jpg

This is a brief [sic] look at some of the implications of the GDPR and is intended to illustrate the scope of the legislation and the changing perspectives on data security. For a more in-depth look at the new legislation read here.

The GDPR is an EU legislation that became law in May 2018. It aims to unify, update and simplify existing directives into a single set of guidelines. The over-arching goal of the GDPR is to return control of personal data to the data subject and better regulate it’s collection, use and export.

When you think of GDPR, what springs to mind? You could be forgiven for thinking the GDPR is aimed solely at the digital environment. But the GDPR actually has a much wider scope of influence. The legislation is a mind-set that, once adopted, influences everyday life in ways you may not have considered.

To explore this, let’s look at two examples. Both real, anonymised and fairly recent.

With a young son, I spend a lot of time at local soft play facilities. Fun for him, coffee for me and a nap for us both when we get home. We have two favourites that we attend every couple of months.

Case 1 - Soft play A

Soft play A asks you to sign in on a clipboard. At the next open space, I enter my name, my son’s name and my address. I can see each preceding visitors details, and subsequent visitors will see mine. On the face of it, no big deal right? But let’s think about this a little. Under the GDPR, soft play A are the data controller i.e. they own the data on that clipboard and are responsible for it.

As the data controller, they decide (among other things)–

  • -to collect the data
  • -what data to collect
  • -who to collect data from
  • -how to collect the data
  • -what to do with the data
  • -who has access to the data and how to secure it
  • -how to store the data
  • -how long to store the data
  • -how to dispose of the data

Under GDPR guidelines, a number of these decisions should be shared with the data subject. Even though this data is physical, recorded with pen and paper, the above still applies. Soft play A have not considered these implications. The medium of data input and the seeming innocuous nature of the data no doubt influenced this oversight.

But, once you adopt a GDPR mind-set, you can see the issues with this haphazard approach. My personal data is now in the hands of soft play A and I have no assurances they will treat it with the respect and care it deserves. What’s more, my son’s information, which should be considered extremely sensitive under the GDPR’s revised guidelines, is in the same legislative limbo.

Case 2 – Soft play B

The following month, we head over to soft play B. Last time we went, they had a sign-in system similar to soft play A, all details recorded in a single book. But this time, on arrival, I’m handed a slip of paper to fill it out. Again, I include my name, my address and my son’s name. Then, I’m instructed to pop the slip into a fancy new sealed box. Soft play B have considered the new regulation and made a simple adjustment.

What are the lessons?

Soft play A aren’t evil, they just haven’t fully considered the GDPR’s impact. Like many businesses, they have neglected to consider how the GDPR could apply to their specific practices.

Soft play B aren’t perfect. They still didn’t tell me why they were collecting my data, what they would use it for, how they would store it etc. Still not perfect, but a great start. By making positive changes, they have raised my opinion of them. I recognise that they respect my data, understand its importance to me and have taken steps to ensure its security.

This is GDPR’s unspoken power. With simple adjustments and a change of perspective, companies demonstrate an understanding and respect for their customers and in turn, they are rewarded with the loyalty of a grateful customer base.

The GDPR is often misinterpreted as over-zealous nit-picking. However, once you get into the mind-set, things become glaringly obvious. Of course companies should handle our personal data with the care and respect it deserves.

When they do, we value it and feel valued in return.

www.doingmore.co.uk

Iain Schofield Iain Schofield

DMP - Hello Market
Marketing Executive

Hear more from the DMA

Please login to comment.

Comments

Related Articles

Which Is Best, Digital Or Print Communications?

All too often going paperless is championed by businesses wanting to move their customers on-line to reduce cost, but the benefits and effectiveness of one medium over the other is not that clear cut.

Screenshot 2024-04-16 162728.png

The Power of Customer Journey Analytics in Telecommunications

The telecom industry boasts an array of touchpoints, presenting both opportunities and challenges for marketers. Ensuring that campaigns not only resonate but also yield results is critical.

iStock-1473164518-modified-f4e3c11c-cd81-417a-a5bf-adaf217da044.jpg

Managing Customer Data Silos in Telecommunications

The telecommunications sector grapples with a pressing issue: customer data silos.

iStock-1180187740 600x400.jpg

The Importance of Data Quality and Data Confidence in Customer Experience

We live in the information age, where customer insight expands with every click, swipe, and interaction.

iStock-1363814424 600x400.jpg

Expand

Copyright DMA 2024 © All Rights Reserved