Helping firms address GDPR
Even with so little time until the biggest change in data protection since the introduction of the Data Protection Act (1998) comes into force on 25 May, many firms are only just beginning to realise they will be affected and need to act quickly.
Having hosted numerous General Data Protection Regulation (GDPR) training sessions over the last six months, we have heard just how confused the general business community is. They are struggling to come to terms with the implications of the new regulations. With call times to the Information Commissioner’s Office (ICO) helpline reportedly reaching hours, confidence in compliance is low.
A common ask from businesses is for confirmation they are Gdpr-ready, though this indicates a “finishing line” and one doesn’t really exist when it comes to data protection. Most businesses we speak to are frantically implementing a re-consenting programme to safeguard existing databases;. However, the problem exists in what we are asking consumers to consent to. As technology progresses, we do not know the opportunities (as marketers) available in even the most immediate future. As re-consent is required every time a new “use” for data is proposed, the industry could witness slower uptake in future Martech (marketing and technology) opportunities.
Data portability and guaranteed consent will continue to prove troublesome as we navigate the early days of GDPR. We drive the way our clients not only use but collect personal data thus blurring the lines between processor and controller and bringing with it a host of liability issues.
It’s not all bad news, however. Businesses who have taken steps to map where they currently collect and store data can streamline processes and conduct a strategic review of their marketing and communications operations.
We suspect the new regulations will be tested (and clarified) in the courts, with a few high-profile cases offering some clarity.
Whilst the ICO and their fines of up to €20 million, or 4 per cent of annual global turnover (whichever is higher) is scary enough, most businesses fear the burden of ongoing datamanagement and their responsibilities to respond to public requests, with some opting to delete data and look for simpler communication channels.
For the public, I predict that, apart from receiving a multitude of re-consenting e-mails, little effect of the regulations will ever be felt or understood. I also believe that it is the “manon-the-street” that businesses should fear, rather than the ICO, as the core purpose is to put control over personal data back into the hands of the individual. With such a lack of understanding, businesses are going to spend a lot of time responding to information requests that will prove burdensome for even the biggest of businesses. Fraser Kirk, head of publicity at independent marketing and PR agency Volpa