Even in 2021, three years after the General Data Protection Regulations (GDPR) has come into force, how businesses handle their customers’ data continues to be a hotly debated topic. Given all the changes that have taken place over the last few years, it’s vital to make sure your data protection policy and practices are up to date.
The Internet of Things (IoT) and Data Protection
One of the major changes we have seen developing over the last few years is The Internet of Things (IoT).
What is the Internet of Things?
The IoT refers to a whole class of day-to-day objects and devices sold with built-in network connectivity. This means that you can pair them directly with the internet, without plugging them into a computer first. There were an estimated 22 billion IoT connected devices in use around the world by the end of 2018, with this forecasted to rise to 50 billion by the end of 2030.1 This helps businesses stay relevant, understand their customers and try to improve their lives. But with customers and businesses being having multiple devices linked together means more opportunities for data breaches.
Customer Data Protection
Customer data is essential for marketers to reach the right audience and meet customers’ needs and interests. However, prior to the introduction of GDPR, a survey conducted by the Chartered Institute of Marketing (CIM) revealed that 57% of participants do not trust companies to use their data responsibly, with a further 51% believing that their data is misused.2
27% also admitted to not knowing their data protection rights as a consumer, but 67% of customers actually said they would share more personal information if organisations were more open about how they will use it.2 So bearing all of this in mind, your company could benefit from having a readily available, very clear data protection policy.
GDPR and Data Protection
In addition to the GDPR factors have also emerged in recent years making data protection even more of a challenge for businesses. Perhaps most notably, the UK’s departure from the EU as a result of Brexit potentially creates further complications for how data is used, with the UK set to adopt its own version of GDPR.3 Additionally, the EU could potentially make it harder for the UK to engage in digital trade with the EU, on the grounds that the UK’s own legislation might deviate from GDPR.4
So it’s understandable that people lack confidence in how their data is collected and used, with 45% of internet users stating they are not happy for companies to collect and use their personal information under any circumstances.5
What’s more is that your business could be fined if you’re not following the right procedures and ensuring customer data security. Especially if your organisation relies on a constant stream of prospect data for its sales pipeline, you have to be constantly vigilant to make sure you’re following data protection guidelines. If your organisation fails to comply and you don’t provide adequate cyber protection for your customers, you could receive sizeable fines and penalties.
The GDPR has a simple, two-tiered fine structure:
- An organisation may be fined up to €10m (roughly £8m) or 2% of its annual turnover - whichever is higher - for not properly filing and organising its records, for not notifying the supervising authority and data subject about a breach, and for failing to cooperate with the Information Commissioner’s Office (ICO), who enforce the GDPR.6
- An organisation may be fined up to €20m (roughly £16m) or 4% of its annual turnover - whichever is higher - for violating the basic principles related to data security or for processing data without the consumer’s consent.6
How to Protect Customer Information and Stay Compliant
- Understand information flows:
a. what personal data do you have?
b. what do you do with it?
c. where is it stored?
d. who has access to it?
- Review your data protection policies for:
a. detecting breaches;
b. reporting breaches;
c. investigating breaches.
- Ensure your business and data are protected with relevant cyber insurance.
- Educate your staff.
- Have processes in place to comply with requests from individuals to receive or delete their personal data.
- Review data agreements with customers and suppliers.
1. https://www.statista.com/statistics/802690/worldwide-connected-devices-by-access-technology/#:~:text=Internet of Things,-The internet of&text=The most commonly associated products,due to their internet capabilities.
6. https://www.privacycompliancehub.com/gdpr-resources/protecting-organisation-gdpr-fines-penalties/#:~:text=The GDPR introduces two tiers,global turnover â whichever is higher.