3 steps to prepare for and thrive after the GDPR deadline
Posted by Katie Hook
The General Data Protection Regulation (GDPR) is almost upon us, and at its core are transparency and customer interest. In a world where data helps drive businesses forward, it’s so important to build trust with customers and ensure that they know how their data is being collected, and why.
The GDPR applies to all businesses in the EU that collect, store and process personal data. It’s important to remember that business data can also be personal data; for example, a sole trader’s email address may also be their personal email address. If you do collect, store and process customer data, it’s in your best interest to be aware of the GDPR and take action. The businesses that are able to build trust and be transparent with customers will be the ones that thrive in the new GDPR era.
Despite the GDPR deadline being just months away, it seems that only 7% of businesses feel that they are ‘very prepared’, with most claiming they are ‘somewhat ready’ or in fact ‘not at all’ [1]…
It’s hardly surprising. The EU’s General Data Protection Regulation isn’t exactly an easy read and may prove difficult to fully digest and translate into the practical steps that need to be taken.
So, we thought we’d do that for you! In this post, we’ll be pulling out some of the key points to be aware of AND what you can do in your own business to ensure that you too are ‘very prepared’ when the May 25th deadline arrives.
Keep customer interests at the core of your business
This, after all, is the key theme and purpose of the GDPR. As more and more of our lives are spent online, consumers are being asked for more data than ever before. A recent Experian survey found that 49% of consumers are prepared to give their data to brands they trust, while 69% were happy for brands to use their personal information to send them discounts on products and services that they really want [2].
In view of this, the GDPR really does present a huge opportunity for businesses to step up and really stand out when it comes to protecting their customers’ data and being transparent about what it’s for.
To ensure that you’re keeping your customers’ interests at heart, you’ll need to ask the following questions:
• Are you using information in a way that people would reasonably expect?
• Does your approach to using and storing data have any adverse effects on your customers?
• Do your customers know how their details will be used?
There is then a three-step process that your business can go through to ensure that your data management is faultless in the new GDPR world…
1) Investigate: Review your current processes
Whether you already have robust data management processes in place or they are non-existent, you should take this opportunity to thoroughly review the flow of data and identify where changes need to be made.
Classify data types
This is an important step which will allow you to identify what personal data you’re collecting and to separate it from other data types.
Map data flow
It is very helpful to document how data flows through your business – especially where it is distributed to other EU countries or those outside the EU. Being able to see the full flow allows you to identify potential risks and areas which may need closer attention.
Identify risks to data privacy and quality
If you do see areas where your customers’ data could be at risk, either due to lack of security or poor quality control, then this too should be documented and, of course, acted upon.
Review third party relationships
Make sure that those you work with are also ensuring the proper management of your customers’ data. The first step is to ask them what they’ve done to prepare for GDPR.
We’ve already discussed the importance of building customer trust by being transparent about what you will use their data for. With the GDPR, this becomes law, so check the key areas where you’re communicating with customers to make sure that you’re telling them everything they need to know. These might include:
• Privacy policies
• Data collection points (such as call centres, landing pages and sign up forms)
• Customer emails
2) Improve: Optimise your data management processes
Now that you have a clear view of your current processes and any risks they highlight, you are in the perfect position to improve and optimise. Robust data management will not only assist with your compliance to the GDPR, but will also help you to build customer trust and to be more efficient as a business.
Develop a 360 customer view
It has never been more important to be able to identify any touchpoints that your customers have with your business so that these can be pulled together to create a cohesive thread. A common way to do this might be to create a unique Personal Identification Number (PIN) for each customer. This would be used across all systems and departments to identify each unique customer’s interactions.
Adopt policies and processes which reflect the key themes of GDPR
What better way to ensure that your data management is in keeping with the GDPR than to build your processes around it? Create a new framework of compliance and governance policies which cover:
• Integrated privacy policies
• Security procedures
• Data retention procedures
• Data sharing / vendor agreements
• Data transfers
• Data Protection Officers’ reporting lines and privacy by design
• Routine audit, training and cultural awareness
Assign resource and training
Consider if any new data roles, such as a Data Protection Officer, are required in order for you to fulfil your obligations and make sure that your staff are given any necessary training required for them to be compliant. The Information Commissioner’s Office (ICO) have a range of resources available to help you get started.
3) Integrate: Create a new, data conscious culture
Creating a real change in your business requires more than just new policies and procedures; it requires a change in the very culture so that the interests of your customers and their data are a driving force in all you do.
Create a responsive data breach plan
Search Security define a data breach as “a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion. Data breaches may involve personal health information, personally identifiable information, trade secrets or intellectual property.”
Show that you truly value your customers’ data by ensuring you are completely prepared should the worst happen.
Invest in IT that will support robust data management
You’ll need systems which can cope with the demands made by the GDPR, such as customers’ rights to portable data and for their data to be erased. Ensure you ask your IT suppliers how they have adapted and check that their systems are ready.
Invest in customer service
People (or data subjects) have always had the right to request and correct their personal details, but under the GDPR they now also have the right to be informed what their data will be used for and request its deletion under certain circumstances. Make sure that you are prepared to receive and deal with these new requests.
Build customer transparency into your brand voice and communications. Make it the norm to let your customers know what you are doing with their data and why.
Conduct Data Protection Impact Assessments (DPIAs)
Also known as Privacy Impact Assessments, these are a tool which the GDPR promotes and, in some cases, requires. They are certainly good practice when it comes to identifying and resolving risks which may lead to non-compliance.
Experian B2B Prospector can help you keep on top of your data management with services such as data cleansing, email address validation and Telephone Preference Service (TPS) checking. Speak to an Account Manager today by phoning 0870 012 1111 or by visiting Experian B2B Prospector.
Please note that while we can support businesses with their preparations for the GDPR, we cannot offer legal counsel or compliance advice and this blog should not be considered as such.
1. Experian/Data IQ, General Data Protection Regulation – Identifying its impact on marketers and the consumer’s moment of truth, 2016
2. Experian/Consumer Intelligence, ‘Data Preferences’ Survey, 2016