Top Reasons your Business Should Love GDPR

 

 

Is your business GDPR compliant? If you are a business owner, I sincerely hope you are not still asking, ‘what is GDPR?’ because the new General Data Protection Regulations came into force on 25^th May. You will no doubt have received many emails from companies asking you to opt-in to their mailing lists or to update your preferences. That is just the start! When you consider the fact that GDPR has many more components for which businesses must formulate policies, strategies and processes, it can be easy to feel that the new regulations are bad for business.

If you are not fully GDPR-ready yet, you are not alone as very few companies are going to be fully compliant on May 25th. Arguably lack of understanding of what GDPR is, what we must do to comply and the way GDPR can help our company are some of the reasons so many enterprises have not taken the right steps to meet legal their new obligations. I will outline the elements of GDPR in a nutshell in this post and then highlight the six reasons businesses should be welcoming the new ways of working because GDPR ultimately helps our clients while at the same time improving our companies to build trust and much more.

What is GDPR

GDPR is best seen as an enhanced version of the Data Protection Act rights that have existed for years, since 1998 in fact, but with teeth! So why do we need it? Take a moment to think back to the world when the data protection laws were last updated in 1998.

These technologies that were brand new in 1998 should take you back.

 

 

–

                                        Nokia 3310, The 1^st Apple Mac & the Sony Mavica FD71 digital camera – top tech in 1998

 

Just as technology has massively evolved, the 1998 data protection rules have become unfit for purpose in the digital age. The Data Protection laws have been wholly ineffective in giving consumers any control over how businesses collect and use their information. We have all experienced the limitations of the Data Protection Act in these ways:

• Spam phone calls we receive daily
• Unsolicited Emails filling our inboxes with no way of stopping them or unsubscribing.
• Businesses assuming our permission by burying our supposed consent in wads of Terms and Conditions.
• Businesses selling our data to third parties without our knowledge.
• Companies holding information about us that they use for covert profiling online and offline – think the Facebook and Cambridge Analytica scandal
• Companies compromising and losing our information in data breaches and not telling us – think Ashley Madison and many more reported HERE.

Arguably, many companies have been committing criminal activities with our data and there was nothing we could do about it or hold them to account. It is to everyone’s benefit that GDPR seeks to redress the balance by giving us control, access and transparency regarding the information businesses hold about us, how they use our information and to whom they can provide our information.

GDPR covers two types of our data:

• Personal data – any information about a person that can identify them including name, phone number, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people
• Sensitive data – particular categories of personal data that when processed, can uniquely identify an individual and can be used negatively against that person racial or ethnic origin, criminal convictions, sexual orientation, genetic data, and biometric data

GDPR stipulate that businesses must implement these steps:

1. Awareness
2. Information you hold
3. Communicating privacy policy
4. New rules for getting consent
5. Age barrier for data collection to be lifted from 13 – 16 years of age
6. A requirement to delete data not being used for the original purpose
7. The ability for data subjects to revoke consent to data processing
8. Rights for data subjects to access, amend and request deletion of information
9. 72 hours to notify breaches to regulators
10. Large data controllers to appoint DPO
11. All data ‘controllers must register with the Information Commissioners Office (ICO)

The cost of not complying with GDPR

GDPR is a ‘regulation’ meaning that it is EU-level legislation that must be implemented by all businesses. Furthermore, every company must adopt all of the provisions. The bite that GDPR carries is that companies face the potential of being fined 4% of their revenue (which could be thousands if not millions of pounds for medium and large enterprises) for non-compliance. The real cost of non-compliance is the fact that it is if made public, failure to comply will destroy trust in your brand. Given that consumers don’t do business with businesses they don’t trust, the potential benefits of complying with GDPR could be priceless!

 

Benefits of GDPR for business

I firmly believe that individuals and small businesses should be praising and lauding the advent of GDPR for these six reasons:

1. Level the playing field

Admittedly, mega-companies like Facebook will still be able to collect gigabytes of information about us, and the difference is that they have to tell us what they are gathering, and how they will use that information. Many people are likely to refuse to permit many of these uses. More prominent businesses have tended to collect more wide-ranging information and to be more unscrupulous in how they use it.

The same consent and transparency rules now apply to all of us whether big or small businesses. Now people can choose our small business precisely because we don’t collect and abuse their data.

2. Transparency

GDPR means we will now know the information that companies hold about us and clarity about how they will use that information. Furthermore, we can ask for companies either to delete our information or demand that they don’t use it at all. This level of transparency and control should mean that people trust businesses more with their data. 

3. Loyalty

The process of opt-in is as much psychological for individuals and businesses as anything. I will give consent to getting information, marketing and updates from you ONLY if I like your brand and believe it is in my interest to do so – that your communications help me. Furthermore, I will immediately unsubscribe from all marketing emails that I have not given my consent in the lead up to GDPR.

There’s no hiding the fact that getting subscriber opt-in means that your smaller numbers of subscribers are more likely to open and engage with the information you send them, which could lead to more purchases. What could be better than sending fewer emails, increasing your open rates and link clicks and improving your conversions?

4. Up your content game

Brands that provide useful and engaging content will get more subscribers and opt-ins. The onus on businesses to send only helpful and valuable content has never been higher; otherwise, people will unsubscribe from receiving your updates and messages.  

5. Reduce costs of massive databases and information overload

We can now only keep information that is current and that we are going to use as we specify. Keeping only relevant information reduces the cumbersome and often costly data collection and storage functions that we have blindly gotten used to over the years. For a small business, these costs can appear in paying for people, systems and services that have been:

• Collecting too much information, much of which we don’t need or use (address, DOB and ethnicity are examples)
• Keeping that colossal database that typically goes back many years.
• Protecting information for people that are mostly obsolete or inaccurate,
• Using the data to market to people who do not want to hear from us

With a smaller, cleaner database the costs for these should reduce, although one area that could see higher prices as a result of GDPR is data encryption for businesses that choose to implement these systems.

6. Devise processes to collect, manage and delete information

We have all known about the importance of obtaining information from people who have given consent, ensuring we only ask for the information we require for a purpose, protecting that information and having systems for deleting the data when it is no longer needed.

From my experience, public sector, voluntary sector, medium and big businesses are the only ones that have paid any attention to implementing Data Protection processes.

Almost overnight, GDPR has forced many small businesses to think about how to comply with the new regulations. Becoming legal means designing processes for getting consent, storing data, reviewing information, providing data subject access requests information and dealing with data breaches.

Moving forward

It is tempting to focus on the negative consequences of new regulations that bring more tasks, costs and work for your business, especially where substantial fines are threatened for non-compliance. However, there are many reasons to look at the likely benefits that GDPR implementation can bring to your company regarding transparency, a higher level of trust with consumers and implementing proper data protection processes. If you are not fully GDPR- complaint, keep working towards achieving compliance as soon as possible.

Businesses must implement some elements of GDPR must by 25^th May, for example, paying the registration fee on the ICO ‘s website to register as a data ‘controller’ if you process any personal data (there are exemptions for not-for-profit and some other organisations). It is worth bearing in mind that GDPR is not about doing everything by 25^th May 2018 – the critical thing is to start the process of getting the steps in place so that you can demonstrate that you are working towards compliance soon after 25^th May.

*********************************************************************************************************************

Contact Us

Download Our Mobile App to listen to our podcasts on the go Get Mobile App