When will they learn? Put the citizen first!

There are no excuses. Unless you have been living under a rock somewhere extremely remote, you can’t have failed to hear, or read, about the new data privacy and communication regulations. GDPR and PECR are as familiar to businesses as Brexit. So, how can it be that Leave.eu, an EU referendum campaign, together with Eldon Insurance (trading as Go Skippy Insurance) failed so catastrophically when it came to the simple principles of these acts?

Citizens - you and me, are still being wronged by organisations in which we’d placed trust to do the right thing with our information.

As we entered this Digital Age, Information Age or Fourth Industrial Revolution - whatever you wish to call it, regulators, government, businesses and activists have been pressing home the need for more stringent legislation when it comes to the use of personal data. As more and more transactions are performed online, the volume of gathered data has risen exponentially. According to IDC (International Data Corporation), data creation doubles in size every two years, and by 2025 the digital universe (the amount of data created and copied annually) will grow to 163 zettabytes (ZB), or one trillion gigabytes (GB).

That’s a lot of personal data flowing around. Personal data that holds a lot of value, especially to the Digital Giants or Surveillance Capitalists.

Hence why us citizens, need to grow our understanding and question those who we share data with.

The afore mentioned Leave.eu and Eldon Insurance, broke the rules and have received not only an audit and notice from the Information Commissioner’s Office, but a fine of £120,000 to boot.

In the action from the ICO, it was found that the two organisations were linked. That systems meant to keep the personal data of the two operations separate were ineffective, resulting in politically charged communications being distributed to Eldon Insurance customers who had not opted in to receive them.

Similarly, Eldon Insurance sent two unlawful email campaigns, over one million emails, to the Leave.eu subscribers, without sufficient consent.

It is simply not good enough. The times when you daren’t open your email account for waves of spam messages should be a thing of the past. Cold calls should be safely relegated into Room 101 and a return to the bad old days when you could barely open your front door for unwanted direct mail shouldn’t be revived. And all, because of the new data privacy regulations – here to help you.

And, there are no excuses for getting it wrong when software exists to stop this happening. Software that integrates with existing systems, like Salesforce and other Customer Relationship Management programmes, for the betterment of customer relationships, to progress the value exchange so both parties get something meaningful from the interaction – a better product or service, a stronger community or improved communications.

The use of insights from valuable and actionable data – trustingly given in the full knowledge that it won’t be processed or shared for purposes other than you have specifically granted, will result in enriched customer relationships and reduced churn enabling organisations to rebuild customer bases with citizens opting in to do business with those they believe in.

So, on this Safer Internet Day – please think twice about what you share across the web. Check Privacy and Cookie policies to make sure you know what data is being drawn from your interaction. Understand what personal data is being processed, who (which department or organisation) is going to use it or have it shared with them, when was permission given to use it and for how long, why they need it – for what purpose and where did they actually obtain the permission from.

Feel free to challenge them and say no if you don’t want them to use any aspect of it. You might be happy for them to use your email to send you product updates, but not for general newsletters. You can stop them sharing your telephone number with their partners. Whatever makes you feel in control - you can always change your mind at a later date and let them know.

Make sure your permissions and preferences are logged so you get what you do want. If they can’t answer these questions or fail to tell you what they already have stored against your name, remind them of GDPR and PECR. Exercise your digital rights, opt in or out to what feels right, submit a Subject Access Request – free of charge, and if necessary, report breaches to the ICO.

Oh, and tell them that software exists to help them address all this and maintain compliance – it’s called Consentric.