GDPR – are you ready?
What about Brexit?
The Information Commissioner’s Office is the public body responsible for ensuring the UK is ready for GDPR. They have acknowledged there may be questions about how the GDPR would apply in the UK once we have eventually left the EU, but have emphasised that this should not distract from the important task of ensuring compliance. The ICO points out that with so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to individuals. So it seems safe to assume that there will be no escaping the level of standards set by GDPR even after Brexit.
What will GDPR mean for businesses and marketers?
The GDPR will bring definition, clarity and accountability to data practice. Much more than bringing in a code of ethics. It will enforce transparency and create a legal framework around the ‘Single Digital Market’.
For many marketers, it is likely to signal upheaval. All private and public organisations operating within the Eurozone that hold 5,000 or more customer records will have to assess and change their approach to the data they hold. GDPR will also affect global supply chains – for example, companies in India that hold data about EU citizens must also conform to the new laws.
For some companies, it could mean a laborious and expensive appraisal of data they – or their outsourced suppliers – already hold. For others, it will necessitate a radical overhaul of the way they do business.
It’s also likely that the demand for data protection officers – whether in-house or independent – will increase dramatically. Research by the data protection recruitment agency GO DPO EU estimates that in the financial services sector alone, around 33,000 companies might require a data protection officer in order to meet some of the new regulations.
Whose data is it anyway?
Customer data is essential for marketers to reach the right audience and meet customers’ needs and interests. Yet CIM’s recent research revealed a shocking 92% of consumers do not fully understand where and how marketers, brands and organisations use their personal information and data and one third (31%) said they have no idea about where and how their personal data is being used. Fears of data breaches and misuse has them on high alert.
And with two thirds (68%) of marketers confessing to limiting sharing their own data as a consumer because they know how organisations will use it, this is extremely worrying.
In addition to this, only 16% of consumers admitted to always reading the available T&Cs before providing their personal data and more than a quarter (27%) admit to not knowing their data protection rights as a consumer.
However, two-thirds (67%) of customers actually say they would share more personal information if organisations were more open about how they will use it.
Getting it right
Marketers must recognise that the new GDPR regulations reflect a growing demand for reform among consumers, and the hope of putting an end to headlines about data breaches by household-name brands. But knowledge isn’t enough.
Compliance advice from the Information Commissioner’s Office needs to be acted upon now.
Data protection is no longer a talking point, it’s the new reality.
Chris Daly, Chief Executive, The Chartered Institute of Marketing