The General Data Protection Regulation (GDPR) comes into force on 25th May 2018.
This new legislation is designed to give European citizens greater control over their personal information. If your business handles Personally Identifiable Information (PII), for example in customer lists, sales data or Customer Relationship Management (CRM) platforms, this affects you, so you need to take notice.
If your organisation already places a value on customer data, GDPR should not be a surprise and should cause little trouble. Unfortunately, many organisations treat data more like a waste product than a valuable business asset. If that includes you, you may be heading into expensive trouble, as fines can be as much as 4 percent of global turnover. This data point alone means data regulations now have the boardroom attention they deserve.
GDPR aims to tackle the notion that organisations can use implied permission and experience data losses with impunity. In some cases, such as the infamous TalkTalk issue in the UK, organisations have been unable even to classify properly which personal data has been compromised. Clearly, European businesses need a better understanding of what PII they have today and will acquire in future, so they are looking for IT suppliers who can provide them with reassurance they will not.
This means the GDPR is actually a gift to marketing pros. A chance for some brands to polish their credentials, while others watch theirs disintegrate. However, there is another regulation which will impact telcos, Software as a Service (SaaS) and Managed Service Providers. A new transatlantic data transfer agreement, known as Privacy Shield and replacing the previous Safe Harbor agreement, is yet to come into force and is all set to disrupt those operating datacenters or offering telecoms and cloud services.
As with the GDPR, the implications for those outside the UK, in this case the US, are huge. The new arrangement was spawned by the fact that the US doesn’t meet EU standards for data protection. Mass surveillance disclosures from Edward Snowden eventually led Europe’s top court to conclude Safe Harbor wasn’t safe enough and, despite the protests of Facebook, Google and others, the Privacy Shield is coming down.
Even though it is still early stages for Privacy Shield, the rules around data protection are moving irreversibly to favour the individual. Organisations who truly control their data using advanced technologies will be in a far stronger position than those who take compliance for granted. Therein lies the opportunity for marketers. Those who can prove to customers, regulators, suppliers and the media that they are focused on managing data responsibly will win out.
Organisations are well advised to go beyond bare compliance by proactively improving their visibility and control over data transfers and building contingency plans in the event of a cyber breach or changes being made to regulation. Unknowingly, many IT suppliers have the ideal raw materials to succeed in this market, though for many the challenge is to craft the right messages.
As always, best practice in this hyper-regulatory world requires expert knowledge. We are coaching several clients and delivering marketing resources from sales decks to press and social campaigns, which inform their sales teams, channel partners and customers on how to implement the appropriate technical and organisational security measures to meet GDPR, Privacy Shield and other new data-driven requirements.
Blending a detailed awareness of the new data privacy regulatory environment with a keen sense of how the ‘story will develop’ and how technology and know-how can help plays right to +M’s skillset and values. Some of our public domain work can be seen here. Let us know if we can help you too.