Yousuf Rafi
Here’s a food for thought! Without consumer data, Facebook would be bereaved of its revenue model, marketing agencies would fail to calculate ROI accurately, and companies won’t be able to keep tabs on their customers! However, here’s the catch, this corporate ownership of personal data has sown the seeds of misgivings between consumers and companies for decades, making concerns about security and privacy prevalent.
Do you want to know what Google knows about you?
Go to history.google.com and you’ll see how much Google knows about you. Yes, you can surely delete your activity and feel safe, but in reality, even when you delete your history, Google still stores your history on its server.
Hold your horses – after the stillness and serenity of 20 years, the most important change in the history of data privacy is about to ruffle a lot of feathers.
GDPR – General Data Protection Regulation, is considered the most critical data privacy change since the year 1998. In the aftermath of the Cambridge Analytica & Facebook data scandal, sensitive personal customer information, clandestinely and slyly captured and retained by businesses, pose a significant threat to privacy. GDPR proposes a viable solution to this impasse.
GDPR is simply all about how consumer data should be used & protected. Adopted by the European Parliament in April 2016, it is to be fully enforced throughout EU in the May of 2018. For now, GDPR will apply to everyone residing in EU, whether they’re selling their products online or offering services to citizens who are present in EU. GDPR is poised as a replacement of the European Union’s previous data directive, governing the usage, collection, and storage of consumer data, with an aim to grant consumers greater control and more protection over their personal data.
As per the law, staggering fines – 4% of global revenues or €20 million – will be levied against organizations that do not comply with the law. Companies that have incurred data breaches due to slip-ups or those with less than stellar data protection practices are especially vulnerable to this law.
While this momentous shift appears to be the cherry on top of the cake for consumers and their privacy, we wonder what it would mean for brands that have spent years fueling their entire marketing departments with hordes of consumer data. GDPR asks brands and organizations to justify 7 key areas that need to be attended:
Consent
While obtaining data from the consumer, companies are not allowed to use ambiguous terms or forms to trick people into filling it out without letting them know the exact purpose of the data.
Breach notification
Whenever there is a breach of consumer data, the company needs to notify the customer within 72 hours.
Right to access
Whenever the company is willing to share any sort of data with a third party, they cannot do so without informing the user. Also, the data provider is required to send a personal data electronic copy to the consumer for free.
Deletion of old data
When the data of the consumer is no longer relevant or outdated, the consumer has the right to ask data controllers to erase the data.
Data Portability
The consumers are allowed to use their private data on various platforms without going through any hassle.
Privacy by Design
Companies are forced to create intelligent systems to protect the data privacy of their consumers.
Data defense officers
Professionally trained people must be selected by public authorities for systematic monitoring and handling of personal data.
Will GDPR affect marketing?
In the first phase, the GDPR law will only affect brands and businesses that are located in EU. All the marketers need to be aware of GDPR requirements. The way in which data will be collected, processed, and deleted.
Collecting data
The core reason to implement GDPR is to maintain transparency between consumer and companies when it comes down to personal data. In this age, the consumers want to know how, when, and where their personal data is being used, collected, and stored.
A good thing with GDPR is that it will empower consumers to ask companies for the collection and usage of their personal data. The GDPR is enforcing companies to notify consumers whenever they plan to use their personal data anywhere on the internet.
GDPR is not willing to opt out consent to collect data by default. Which means that whenever a user opens an account, makes a transaction, or even signs-up for a newsletter, just ticking the box to collect all the data won’t fit the bill. Now, consumers will be given an opportunity to decide whether to give permission to share, track and even use their personal data.
This means that marketers will face a tough decision and will be required to come up with creative ways for consumers to opt-in for the things that they prefer and the data they are willing to share with the world.
What about the data that has already been collected?
The rules set by GDPR not only apply to data that will be collected after the law has been implemented in place, in fact, any previously collected data will also follow the same rules laid down by GDPR. So, in order to get maximum gain and user consent, companies need to meet the requirements set by the GDPR.
Processing data
Once the consumer consent has been acquired, is it of vital importance to use the data for that purpose only. If you try to share the data with any third party software or anywhere else without taking permission from the consumer, you’ll face serious consequences.
For instance, if the consumer has subscribed to receive an email newsletter, you can only do that. If you take that data to analyze the activity on your website, you’ll face serious penalties. Another important thing to remember while collecting data from the consumer is to ensure safe and secure storage of that data.
This means that storing data in a way which cannot be stolen, lost, or even compromised.
If companies are keen on storing data, they are bound to use hardcore encryption methods which will keep the data safe from unauthorized access. Furthermore, this data is strictly for the purpose for which it was collected in the first place. For instance, the encrypted data cannot be accessed by any marketer to analyze the buying pattern of the consumer.
Deleting data
On a final note, GDPR will govern how companies will forego data once a relationship has been established between the consumer and the company. To help secure the data, companies must devise a plan to delete the consumer data as soon as the purpose has been met. As mentioned earlier, GDPR will only allow the data to be re-used after the consent of the consumer. For using data other than the purpose defined, the company is required to take permission from the consumer. In a similar manner, if the consumer asks for a data update, the company is liable to respond to the request within a 30 days’ time frame. Any delay and the company will have to face a penalty.
The new bond between the brand and the consumer
Because the new policy entails a systemic tweak in how companies retain and collect consumer information, marketers and brands will be on the hook for every data retention, deletion, and collection decision they make. This will translate into a surprising level of transparency on the consumer side unheard of since the dawn of digital marketing. This also signifies that internal policies and processes will need to be redesigned and rethought in order to be compliant.
In the end, GDPR is not all horns and fangs, it is about maintaining a transparent bond between the consumer and the brand. Businesses who are operating in EU can surely read the rules that are set by GDPR and demonstrate that they agree to the terms and regulations.
To wrap things up. GDPR is all about encouraging transparency & protecting the rights of EU individuals. Businesses who are willing to follow the rules set by GDPR will be able to create a long-lasting relationship with their consumers.
As a custom website agency, we have already taken the necessary measures to meet GDPR regulations. Furthermore, we grantee our visitors and customers that the data we store is solely for the purpose of selling services which customer need. We don’t sell or share any data with third-party websites or apps.
Mohammad Ali
Ashad Rehman
Chris Stone