In today’s customer-centric economy, we’re all competing to deliver a better, more personalized experience for our customers. As a result, we’re also competing to collect as much data as possible about our customers.
The more data we have, the better we are able to deliver a personalized experience.
With the General Data Protection Regulation (GDPR) taking effect this May (25 May 2018), it will be a lot harder to collect data about people in the EU. This new privacy law is aimed at protecting and empowering EU citizens' data privacy, while reducing the risk of more Equifax-like situations.
We can view this change in policy as an obstacle to servicing our customers, or we can see it as an opportunity to win them over.
In the post-GDPR era, the companies that take the right steps to protect their customers' data (which we will get to later in this post) will win the trust of their customers – and perhaps even their competitors' customers.
Before figuring out how to leverage GDPR as an opportunity, let’s recap what GDPR is all about so we get on the same page.
What is GDPR?
Let’s get started with a definition directly from EU’s GDPR website,
“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”
Three main points jump out: unification of policy across the EU, empowering customers, and changing how organizations approach data privacy.
Purpose 1: “Harmonize data privacy laws across Europe”
The outdated Data Protection Directive 95/46/EC was left open to interpretation by each EU member state, which resulted in a mess – it was hard to follow and even harder to enforce. The GDPR unifies the rules across the EU under a single regulation and backs it up with hefty fines: up to €20M (~$22M) or 4% of global annual turnover, whichever is higher.
Purpose 2: “To protect and empower all EU citizens data privacy”
With the GDPR, the EU is stepping up in a big way to help ensure that its citizens' data is properly collected and stored.
Under the GDPR, all EU citizens are entitled to a list of rights that give them more control over their data.
These rights include the right to be forgotten, the right to object to and to restrict processing, the right to move their data (data portability), the right to be informed about data collection, the right to be notified of a data breach, and the right of access to their data.
If you want to learn about the different rights in more detail, the IAPP has a great resource.
Part of being a consumer-centered organization entails keeping track of all your customers' preferences: not just whether they opted in, but what they agreed to, when, where, and which version of your privacy notice they saw. This way, if you're asked to show proof of an opt-in, you'll be able to provide it.
Hopefully you have all those rights covered. Now let's see what else the GDPR wants from your organization.
Purpose 3: “…Reshape the way organizations across the region approach data privacy”
The GDPR wants to change how you engage with your audience with regard to their privacy. This is your opportunity to tell your customers that you're serious about the security of their data. To demonstrate that, here are some actions that you should take:
1) Appoint a data protection officer
A data protection officer (DPO) is the person responsible for overseeing your organization's data protection. They are responsible for understanding how the GDPR affects your business and customers, and they act as the contact point for questions about data protection from your customers and from the supervisory authority. Note that a DPO is mandatory only in certain cases (public authorities, and organizations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data), but even where it is optional, someone still has to own these responsibilities.
2) Complete an audit
It's important to go over your entire website and audit every customer touch point that you're using to collect data about your customers. This means every pop-up or landing page that sets cookies or collects email addresses has to be audited. The audit should also follow the data after it is collected: which systems it lands in (CRM, analytics, email platform) and which third-party processors it is shared with, since you remain responsible for it there too.
3) Get unambiguous consent
Consent must be given by "a statement or a clear affirmative action". In other words, silence, inactivity, or pre-checked boxes do not constitute consent. To be GDPR compliant, tell your customers in plain language what data is being collected, for what purpose, and how it will be used. Then the customer must have the option to accept, partially accept (purpose by purpose) or fully reject these terms, and withdrawing consent must be as easy as giving it.
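How such purpose-scoped consent can be recorded so that an opt-in can later be proven and a withdrawal honoured, as an added Python example written for this post (it is not Maropost code or text from the regulation). The purposes, the policy-version string and the subject identifier are made-up illustrations; the point is that only a box the person actually ticked counts as consent, a pre-checked box that was never touched is refused outright, and the latest decision on record is the one in force:

```python
"""Append-only consent ledger (illustrative example; not Maropost's code)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ConsentEvent:
    """One recorded consent decision. Frozen so past records cannot be altered."""
    subject_id: str
    purpose: str
    granted: bool
    policy_version: Optional[str]  # privacy notice the subject saw; None on withdrawal
    source: str                    # where the decision was made, e.g. "signup-form"
    recorded_at: datetime


class ConsentLedger:
    """Records purpose-scoped consent decisions and answers 'may I?' and 'prove it'."""

    def __init__(self) -> None:
        self._events: List[ConsentEvent] = []

    def record_form(self, subject_id: str, policy_version: str, source: str,
                    boxes: Dict[str, Tuple[bool, bool]],
                    now: Optional[datetime] = None) -> Dict[str, bool]:
        """Record a submitted consent form.

        boxes maps purpose -> (checked, touched): `touched` is whether the subject
        actually clicked the box. Checked and touched is a clear affirmative
        action. Untouched and unchecked is silence, i.e. no consent. Checked but
        untouched is a pre-checked default, which is evidence of nothing, so the
        whole submission is refused and nothing is written.
        """
        now = now or datetime.now(timezone.utc)
        decisions: Dict[str, bool] = {}
        for purpose, (checked, touched) in boxes.items():
            if checked and not touched:
                raise ValueError(f"pre-checked box for {purpose!r} is not consent")
            decisions[purpose] = checked  # after the check above, checked implies touched
        for purpose, granted in decisions.items():
            self._events.append(ConsentEvent(subject_id, purpose, granted,
                                             policy_version, source, now))
        return decisions

    def withdraw(self, subject_id: str, purpose: str, source: str,
                 now: Optional[datetime] = None) -> None:
        """Right to object / withdraw: append a rejection that supersedes earlier grants."""
        self._events.append(ConsentEvent(subject_id, purpose, False, None, source,
                                         now or datetime.now(timezone.utc)))

    def _latest(self, subject_id: str, purpose: str) -> Optional[ConsentEvent]:
        for event in reversed(self._events):
            if event.subject_id == subject_id and event.purpose == purpose:
                return event
        return None

    def has_consent(self, subject_id: str, purpose: str) -> bool:
        """Fail closed: no record means no consent."""
        latest = self._latest(subject_id, purpose)
        return latest is not None and latest.granted

    def proof_of_opt_in(self, subject_id: str, purpose: str) -> Optional[ConsentEvent]:
        """What you show a regulator: the decision currently in force, if it is a grant."""
        latest = self._latest(subject_id, purpose)
        return latest if latest is not None and latest.granted else None

    def export_subject(self, subject_id: str) -> List[ConsentEvent]:
        """Right of access: every decision recorded for the subject, in order."""
        return [e for e in self._events if e.subject_id == subject_id]


def pre_checked_is_rejected() -> bool:
    """True if a form with an untouched pre-checked box is refused (constructed input)."""
    try:
        ConsentLedger().record_form("user-1", "notice-v1", "signup-form",
                                    {"newsletter": (True, False)})
    except ValueError:
        return True
    return False


def demo() -> ConsentLedger:
    """Constructed sample: a signup form, then a later withdrawal from profiling."""
    ledger = ConsentLedger()
    signup = datetime(2018, 5, 25, 9, 0, tzinfo=timezone.utc)
    # The subject ticked newsletter and profiling and left analytics unticked.
    ledger.record_form("user-42", "privacy-notice-2018-05", "signup-form",
                       {"newsletter": (True, True), "analytics": (False, False),
                        "profiling": (True, True)}, now=signup)
    ledger.withdraw("user-42", "profiling", "preferences-page",
                    now=datetime(2018, 6, 1, 12, 0, tzinfo=timezone.utc))
    return ledger


if __name__ == "__main__":
    ledger = demo()
    for purpose in ("newsletter", "analytics", "profiling"):
        print(purpose, ledger.has_consent("user-42", purpose))
```

Two design choices matter here: the ledger is append-only, so a withdrawal is a new record rather than an edit of the original grant (you keep the proof of what was agreed and when it stopped applying), and a form containing a pre-checked, untouched box is refused before anything is written, so a non-compliant form cannot quietly populate your database with "consent" you could never defend.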
4) Be prepared for a breach
Another important aspect of this regulation is your organization's ability to respond to a breach within 72 hours of becoming aware of it. This means that your organization must report the breach to the appropriate supervisory authority within that window and, when the breach is likely to result in a high risk to the people affected, notify those individuals themselves. In practice you cannot meet a 72-hour deadline without logging that lets you detect and scope a breach, and a response plan that has been rehearsed before you need it.
This is your opportunity to engage with your readers, subscribers and customers and tell them that you’re serious about the safety of their private data.
Also, explain to them the reason you are collecting their data in the first place– to deliver a better user experience.
Here at Maropost, we've been continuously providing our customers with a high level of protection and security. We see the new regulation as one more opportunity to better serve and protect our customers.