Glazing from a distance, all you see is a spark! It was 16th of April 2016; the flames of Data Protection that was started in 1998 by the EU had suddenly grown from just sparks to the fiery flames! As these flames of GDPR are now rekindled on 25th May, 2018; the otherwise complacent companies, now started feeling the heat.
The eternal questions beckon –
Well, as a brand or an advertiser, before we start taking any swings at the EU’s directive, let’s try and decode the crux of GDPR!
What is GDPR?
GDPR (General Data Protection Regulation) is EU’s regulation to provide complete control of one’s privacy settings to its citizens. The intricacies of GDPR’s impact on citizens are covered in my last article.
How should the brands adapt to the GDPR regulations?
Every Business, Every company, Every Brand is always in search of one true currency. Perhaps not the cryptic ones of the recent past but the eternal currency which defined the rules of the Business – Audience’s Data.
As we all exploited this data, GDPR plans to curb its abusive usage.
The highlight of the above sentence is probably not the GDPR directive or the exploitation. The one stand-out is the abusive usage.
Data always was and will be the true currency!
Here are the few steps to stay prepared & adhere to the GDPR directive –
- Data here, Data there
Every Brand gathers data at multiple junctures (interactive Brand Touch points). The first step is to map all the data available in the organization.
- Delete or Shift+Delete?
Map the necessary and unnecessary fields of data of a consumer that is available. Many times a lot of data is collected without any real benefit. (Many data fields become moot because of other data fields) Instead of archiving such data it is advised to delete the unnecessary fields.
In business terms, is the opportunity cost of deleting more than the costs of encrypting the data?
- Secure is the Only Cure!
Prevent any breaches! Security is the base of preventing hassles! Any data that is available with the brand should be shared / accessible to select individuals only. Lesser the number of individuals having access to the data, lower are the chances of the data breach.
One of the most common liabilities pertaining to data security is when it is outsourced. The GDPR directive doesn’t grant any exemptions or any leeway for data breach.
Well, no system is perfect and GDPR directive gives us a provision – In case of a breach, report it within 72 hours of the breach! (This breach has to be conveyed to the individuals as well as the authorities).
- I Do!
Explicit free consent of the customer is of utmost importance. Most of the forms that accept data have pre-checked boxes. All these boxes and implied consents will no longer be considered valid under the GDPR directive. As a practice, it is advised to revisit the privacy documents & disclosures. Modify / Edit / Adjust those documents to meet the guidelines. Establish procedures and policies for an individual who tries to search for his or her data. FAQs are a great example of answering questions. Have a few interactive FAQs for the individuals to map and see their own data –
- What data is available with *Brand/Organization’s name*?
- How/Where have I given my consent for the data?
- How can I delete my data?
These FAQs not only make the organization compliant to the GDPR directive but also help in building trust with the end user.
- My way or Highway!
Considering the complex nature of the GDPR directive, there raises the question – What if we don’t adhere to the GDPR directive?
The subtle nuances of ‘Its fine’ and it will attract ‘A FINE’
Strict policies and very high penalties are huge deterrent for not adhering to the GDPR directive.
A hefty fine of 20 Million Euros or 4% of Global Annual Revenue whichever is higher is levied on brands
As we strongly recommend starting the journey of adhering to the GDPR directive for EU directives, we look at the macro perspective for the markets beyond the EU, it is a Brand’s perspective to look at GDPR!
- Data here, Data there
Is it just a spark at a long distance or are they the flames which are going to travel beyond European waters?
Coordinate with your adtech partner and work closely with your legal and privacy teams to monitor your approach. Convert the implications of GDPR as ways to win the trust of your customers and better engage them in the future.