Why should you embrace the principles of the GDPR?

The GDPR isn’t as terrifying as you might think. Admittedly, phrases such as ‘data breach,’ ‘legitimate interest’ and ‘layered privacy policy’ probably aren’t the friendliest you’ve ever read. And yet they are not as complicated as they seem. Like many things, you can understand them with a little effort. And that’s half the battle. Once you’ve got your head around them, suddenly these phrases start to make sense and you can begin to embrace the principles of the GDPR.

UNDERSTANDING THE GDPR

The GDPR isn’t the first data protection act: many others came before it in the UK. Some of them, like the data protection acts of 1984 and 1998, also attracted public attention and build-up around data privacy. So, briefly, where has this one come from?

The General Data Protection Regulation replaces the EU’s 1995 Data Protection Directive. It aims to synchronise data privacy laws across Europe and protect the data privacy of EU citizens. It also provides a much-needed update – the digitalised, global economy of 2018 sits in stark contrast to the era of the 1995 directive.

REACTING TO CHANGE

Compared with 1995, exchanges of data are increasingly digitised. You buy your morning coffee using a contactless bank card, then commute to work with a ‘digital’ ticket. You likely check your emails on your smartphone and click through various websites, with this behaviour tracked and analysed by marketing teams to understand consumer preferences. Similar interactions existed previously, but it wasn’t possible to store the information they produce. These by-products of our daily lives form vast reams of information, which we refer to as big data.

Of course, it’s not only the availability of data that’s changed. Organisations’ capacity to store data has vastly increased. And our ability to analyse large datasets has improved too. The GDPR is a reaction to these highly significant changes. It applies to all companies processing the personal data of data subjects residing in the EU, regardless of the company’s location. With strengthened conditions for consent, the onus is on companies to put control in the customer’s hands. And there are penalties to be aware of too.

WHAT OPPORTUNITIES DOES THE GDPR OFFER?

The GDPR is a fantastic opportunity to rebuild trust with consumers. Establishing trust is essential to developing a sustainable data economy – not least because trust is important to customers. According to the latest research from the DMA and Acxiom, 54% of people ranked trust in their top three considerations for data exchange.

So how do you build trust? Well, giving consumers control over their data is a good place to start. A clear choice to opt in or out of services ensures that the personal information a company holds is accurate and consensual. Enforcing the consumer’s right to inspect and validate that personal information is also a significant step.

Improved data accuracy means better marketing practices – and a better consumer experience. GDPR compliance will help marketers because more in-depth data will help to tailor opportunities to customer preferences. Our research has shown that this resonates with the public. The number of people claiming they would be more likelyto exchange personal information for personalised products or services has increased. The percentage rose from 26% in 2015 to 34% in 2018. And the number of people who would be more likely to exchange data for personalised brand recommendations also rose. The percentage increased from 20% in 2015 to 31% in 2018.

CHANGING CONSUMER PERCEPTIONS

The GDPR will make consumers more likely to share their data. This will provide hugely valuable insight into their preferences, and into consumer behaviour in general. It’s also a chance to create an environment in which data sharing benefits all parties. The DMA’s research also found that 78% of consumers believe businesses benefit disproportionately from data exchange in the UK. Only 8% think that consumers benefit the most. This perception has remained more or less stable since 2015.

The principles of the GDPR represent a great opportunity for organisations to change this perception and build trust with consumers. If organisations embrace the principles of the GDPR – accountability, transparency, trust and respect – they will succeed in improving the consumer experience.

TIME TO REFLECT

If the GDPR worries you, stop and remember that it’s about seeing things from the customer’s perspective. What does your customer need? And what exactly do you need their permission for? Use the principles of the GDPR to step back, listen to your customers, and reflect on why you are engaging in certain practices.

GDPR COMPLIANCE: WHAT DOES THE ICO SAY?

Earlier this month, the DMA hosted a GDPR roundtable discussing what GDPR compliance could look like post-25 May. Richard Sisson, senior policy officer at the ICO, emphasised that the organisation will be realistic: “we are still trying to be a pragmatic organisation.” He went on to clarify that if “you can show that you are working towards compliance – we may not be entirely happy all the time, but we will take those things into consideration.”

The GDPR is a big change for organisations. The ICO recognises this. And, as Sisson told the roundtable, it also realises the GDPR is an “ongoing” process: the ICO is “not going to be issuing huge fines on 25th May.”

EMBRACING THE PRINCIPLES OF THE GDPR

25 May 2018 is an opportunity for organisations to build trust with consumers and embrace the principles of the GDPR. What’s more, the ICO has shown it will continue to be firm but reasonable in its dealings with organisations. Use this opportunity to be rigorous with your data, build bridges between organisations and customers, and create a better consumer experience built on transparency and respect.

THREE KEY POINTS TO TAKEAWAY

1. Research from the DMA and Acxiom indicates that the GDPR will make people more likely to want to share their data.
2. The GDPR is a fantastic opportunity to rebuild trust with consumers.
3. The ICO is a “pragmatic” organisation. If you can show that your business is working towards compliance, but isn’t quite up to scratch, the ICO will take this into consideration.