GDPR: priorities to get straight for 25 May 2018
With two months to go before the deadline, how to navigate the different projects being carried out in line with the approaching GDPR? Obvious issues, such as opportunities to stand out from the crowd in terms of customer relations, or even to get ahead as an industry forerunner, should be prioritised. Read on for more.
The GDPR (General Data Protection Regulation) will come into effect on 25 May 2018 and is responsible for regulating and making more homogeneous at European level practices in terms of the collection, exploitation and access to personal data across Europe.
But what does this date mean for all the companies handling customer data? As of 25 May, any company unable to produce their compliance guidelines will be exposing themselves to stricter penalties delivered by far less lenient authorities. Remember that initially, personal data protection was already widely regulated in France by the Data Protection Act.
Should we only be thinking in terms of risk? Beyond regulatory restrictions, the enforcement of the GDPR means that the management of personal data has become a challenge in the differentiation and improvement of customer relations. Rather than simply making a few quick adjustments to give the impression of compliance, companies should take particular advantage of the two months that lie ahead to land some value-generating projects. The different issues around the GDPR actually hold some real short and medium term opportunities.
Managing consent: a strategic line of communication
Take consent management, for example, which is one of the most obvious requirements from a customer perspective, even if it was an issue well before the GDPR. Whether in relation to a prospective or current customer, from now on their explicit consent will be crucial for any collection or use of their personal data. However, there are exceptions, quite numerous and frequently, particularly in the case of treatment considered “legitimate” by the regulation. This consent must also be able to change or delete their given consent easily when it comes to using any of their data.
To ensure “informed” consent, the GDPR imposes a sort of transparency with regard to the end use of processing this personal data. Companies must therefore be able to explain to their customers why and how it is using the data or which third parties it might be entrusted to.
Easy to read legal notices
As a consequence, businesses will have to prepare some specific language elements, change their legal notices and draw up a suitable communication plan. Beyond the efforts made to provide for customers, businesses have a real opportunity here to make direct contact, a truly golden opportunity in terms of customer relations. In the insurance industry, for example, where dialogue is often limited to automatic contract renewals and claims declarations, establishing a compliant consent policy could go hand in hand with a strategy for converting business or even collecting data.
At a time in marketing when quality should replace quantity, all channels are turning into potential lines of communication, even the most formal ones. Need an example? The next time you’re out doing your groceries, take a moment to look at the Michel et Augustin yoghurt brand. Whilst the ingredients are listed just like on any other food product, the list has been written in such a way so that the “legal notice” has become a sales pitch, in the quirky relaxed tone that’s contributed to the brand’s reputation, much like the UK’s Innocent smoothie brand, for example.
On a different note, the France Télévisions website pairs its pages on personal data management with a video showing all the possible downward spirals of poor data management, as one internet user sees their password and debit card details divulged during live audience shows. As the sequence ends, a message explains that the data collected on the group’s website is only used to offer a personalised experience, suggesting that the user complete their online profile. Even without the fun spin, communication around managing consent is an fantastic opportunity to send customers a positive signal and to shine the spotlight on a high-value service or proposal.
People’s data: offer a market standard
In the same vein, GDPR compliance projects also lend themselves well to more indirect forms of communication. This is particularly true of sectors such banking or insurance, where we know that what’s left to be done will go far beyond the virtual milestone on 25 may. The enforced regulation will give some visibility to matters such as the right to deletion, rectification or the portability of personal data. Again, dealing with these issues in advance and head on, compared to the rest of the market, helps to turn a constraint into an interesting opportunity.
Take personal data portability, for example, a right that gives customers the option to ask a company to return all the data they hold on them. This is no trifling matter. First off, all the data kept by the company will have to be sifted through, separating the data provided by the customer from the data collected and incorporated from third parties. Next, a suitable delivery format will have to be agreed on, with readable data, relevant formatting and clear explanations of the regulatory framework. It’s the same issue for the right to be forgotten, or for accessing data with a view to rectifying it: each of these matters implies having established a certain number of practical measures with the associated elements of communication.
In practice, it is unlikely that portability requests will start flooding in on the morning of May 25. At a first glance, managing portability isn’t really the priority. But dealing with it quickly does, however, offer a great chance to get your name out there by sending, again, a positive signal to the customer. Taking a stance on the matter quickly will actually help to communicate on your approach. Whilst you’re at it, why not offer the market some elements for standardisation or even support the creation of labels which will serve as confidence indicators for customers and potential partners alike.
Confidence as a pillar of customer relations
When it comes to compliance, there’s expertise and then there’s expertise! Giving priority to more obvious matters comes down to using transparency requirements to your advantage. This will turn out to be all the more crucial as the market heads towards personalised customer relations that will be impossible to implement without the consent of the concerned parties. Definitively, regulatory requirements and marketing or business needs are converging. Those first projects carried out in the crosshairs of the GDPR’s coming into force are just the first step, but an important one nonetheless. Opening up the discussion around personal data is really a matter of taking the long road to privacy by design and demonstrating that the company’s GDPR guidelines are not just a list of good intentions.