The Journey Toward GDPR Compliance
Main Areas of Coverage
Some of the concerns around the modern use of personal information include: who can, or should be able to, access personal information; the accuracy of the information itself; and transparency regarding the collection and storage of this information.
The GDPR came to be because of the disharmony caused by the hodge-podge of variances between data legislation for each EU member state. The EU wanted to unify data rights. This has many upsides. Consider your web server hardware residing in another country. Under the GDPR, transmission of this data and the legal mandates of its security are simplified. Also, the drive towards giving people control back, from an individual standpoint, has to be considered a massive positive. You will notice that you are now able to stop websites recording your personal data across the board by changing the settings in your internet browser.
What Actually is the GDPR
Well, the General Data Protection Regulation comprises 99 Articles and 173 Recitals. The Articles spell out exactly what you can and can’t do. These are The Rules. The Recitals, on the other hand, give a more readable sense of what the GDPR is trying to achieve. In this course we talk heavily about the “Spirit of GDPR”. By complying with its intentions, rather than trying to find some technicality or loophole, you will find the journey to GDPR compliance much more achievable. And by understanding and complying with its spirit, you are also future-proofing your business.
GDPR has been created with the practicalities of business in mind, but it has been crafted so that large organisations cannot profit from nefarious data-mining practices. Most of the “bad advice” out there focuses purely on the Articles, misinterpreting things like Legitimate Interest (which we will come on to later), and does not pay enough attention to the Recitals. When understood properly, compliance with the GDPR needn’t harm your bottom line. In fact, making your customers aware that you respect them and their data is an opportunity to forge stronger business relations. Hell, woven into your sales copy, the principles of GDPR can make for great marketing. Communicating your enthusiasm for following the central tenets of GDPR needn’t appear as obstructive legalese.
So Who are the Watchmen?
Depending on which EU member state you are in, there is a Data Protection Authority responsible for upholding The Articles of the GDPR. The Information Commissioner’s Office (ICO) is the Data Protection Authority for the United Kingdom and our Information Commissioner is Elizabeth Denham. CNIL is the supervisory authority for France, and Germany’s BfDI made global headlines when they took on Google and won.
So as you can see, GDPR has evolved as our use of technology has evolved. Businesses that are already adhering to best practices and conforming to earlier regulations like the Data Protection Act of 1998 will not need such a drastic overhaul to bring themselves in line with GDPR compliance. In reality, it’s been a while since we have all had such motivation to review our business practices. So again, this is an opportunity to lay some foundational groundwork that not only assures future compliance, but also improves your business practices as a whole.
Do your employees feel their privacy is valued? Are your customers happy with the practices you have in place? Do they feel valued? How do you gather leads? As prospects move through your process to turn them into customers, do they feel that you are trying to develop a relationship founded on trust? Or do they just feel that they are on some kind of automated email treadmill designed to extract money from them? Explaining WHY you want to know their interests or preferences IS an opportunity to warm them to a future offer, without resorting to hard sell. (More on this as we discuss techniques for marketing in a GDPR Climate.)