Beyond Britain: Why every organisation needs to prepare for GDPR

Every organisation needs to prepare for GDPR, not just those in Britain, argues Nicola Pero, chief technology officer at Engage Hub.

The exponential rise in digital data over the past decade has changed the way the public and organisations of all kinds engage.

Now every bank, local charity, hospital or public authority holds personal data about every customer, patient, client or constituent it comes into contact with. Social media platforms like Facebook, for example, have over a billion active users posting everything from updates on world travel to photos of food, family, and friends. Couple that with the 100 billion searches on Google every month that are monitored, tracked and used to inform most organisations' ads and promotions, and there's no denying that this can cause some serious privacy issues.

Next May, the European Union (EU) is introducing the widely publicised General Data Protection Regulation (GDPR), designed to tackle these issues. The last time data regulation was changed it was 1995 and only 23% of households had a computer. Fast forward twenty years, and every household now has on average 7.4 internet-connected devices, a number that's only set to increase.

This proliferation of devices, connectivity and access makes it abundantly clear that it's time for data protection reform, as consumers' rights are now in uncharted territory. But as organisations prepare for the GDPR, is it just a necessary evil? Or should organisations embrace it as a positive change?

Rebuild the business on consent

One of the biggest changes in the mandate is around consent. At the moment, the Data Protection Directive allows you to market to data collected from potential customers you’ve met at trade shows, for example. However, under GDPR, organisations are required to carry out privacy impact assessments, which are designed to give you an understanding of the risks to personal data and privacy.

  • Farewell opt-outs – Under GDPR, the double opt-in (where prospects both fill out a form or tick a box and confirm by email that they want to sign up) is crucial if organisations want to avoid being fined
  • New consent lifespan – Companies need a legitimate reason to communicate with consumers, and consent will be granted for a limited time
  • Aggregation has been significantly reduced – No longer will it be easy for businesses to aggregate data to profile an individual
  • Consent for data mining and machine learning – Sadly, those advanced digital marketing techniques will be harder to implement in the future

It may sound prohibitive, but as Edelman's Global Trust Barometer indicates, the world is currently experiencing a trust crisis. Broadly, people have little trust in the media, government organisations, businesses and political leaders. Therefore anything that can be done to rebuild that trust today will go a long way to maintaining that trust in future and ultimately reinforce an organisation's reputation.

Beyond marketing, beyond borders

International organisations relying on Brexit as a “get out of jail free” card when it comes to GDPR will be very surprised come May 2018. No matter where a business resides in the world, if an office or subsidiary is UK or EU based, GDPR applies.

Now more than ever, the protection of personal data and privacy has to be built into all business processes. That means if a Singapore company has offices in the UK and other parts of Europe, there's likely to be a need to re-evaluate how data flows through the organisation and across borders. If data is currently stored in online and offline silos, for example, they will need to be integrated, as at any moment a customer can legally request every detail on file about them. That could be utility meter readings, appointment history from dentists, medical history from doctors or even transaction history from a retailer.

The fines for non-compliance are high and stricter than ever before. Regulators can charge up to €20 million or 4% of global annual turnover for the preceding financial year (whichever is greater) for a breach. And they have the authority to intervene in business processes related to how personal data is stored.

Getting ahead of GDPR means understanding all of the implications outlined above, but also harnessing the power of technology to make scalable change. A data management platform, for example, can significantly reduce the risks associated with not being able to find data or action a request. Plus, it can provide a complete view of all individuals interacting with an organisation, to enhance the customer journey, better tailor marketing efforts and discover new ways to increase revenues.

GDPR shouldn’t be viewed as a negative. It’s a huge opportunity to get ahead of the competition and build an even closer relationship with customers – at a time when businesses need it most.


