It’s one month post GDPR enforcement, and even now when I keynote at events, speak on webinars and so on, many in the audience are still concerned about the challenges, the barriers to marketing and selling, and the risks of not being GDPR compliant. Businesses are still so bogged down with the potential negatives of the law that they can’t see any positives.
But there are positives. As citizens we all have data on ourselves being stored in an increasing number of systems and by a growing diversity of businesses across the globe, not just in your own country or the EU.
1. The bluntest GDPR pro for the average member of the public is the automated cleanup of email subscriptions and reduction in email marketing. If you’re anything like me, you get a lot of emails to your inbox that you actually don’t want. You plan to unsubscribe, but now is not a good time. You hit delete, the moment passes, the next mail arrives and you repeat the pattern. Thanks to GDPR you have to OPT-IN to emails and I’ve been auto-unsubscribed from all those pointless ones. The clean-up job was done for me and automated. The mad rush to be clean for GDPR was felt days before it hit as I was bombarded with emails asking me to opt in if I still wanted email notifications.
2. GDPR is driving a far greater awareness across all companies of their responsibility to protect the data they hold on their customers, employees, members and users. This is only a good thing. It will not prevent data leaks and breaches, it will not change the world overnight, but it will make us more secure and reduce the risk of negligence, data leaks we do not hear about, and give accountability for when a company does fail.
3. GDPR gives far greater power to the individual over whether they want to be included in new data lists or removed from existing ones. Previously companies have opted you in by default and that opt-in has extended to all their sister, subsidiary and affiliate companies. No longer. Now, all boxes must be unticked, and if they want to share with other firms/lists, those partners must be displayed with separate boxes for you to tick. Add to this that you can request, for free, that any company tells you what data they hold on you (SAR, Subject Access Request) and you have the right to ask them to forget you, meaning they MUST delete all data they hold on you including data on backups, i.e. truly forget they knew about you! The exception here is where they can demonstrate, for example, a legal requirement to keep the data. So don’t think you can go request those prison records to be deleted!
4. Under GDPR, any organization subject to a data breach must report it to the authorities by law within 72 hours. Previously, how many data leaks have gone unreported?! We can only imagine, but this stops now, at least in the EU and the UK. What does it mean? Well, you are now going to find out if your data has been leaked/breached, and the authorities may then take action and impose a larger fine than we have seen before. The benefit to you (if there is one to having your data leaked) is that you will be able to take civil action on the back of a company being found guilty of leaking your data. So, sit back and wait for the ‘had an accident at work’ lawyers to unveil their new ‘has your data been affected’ approaches and cash right back in!
5. Another benefit of all of this is that social media will increasingly become king (or queen) for customer communications and engagement. Consent is granted by definition, because the user chooses to view your stream and follow it. They opt into your feed and opt out of their own accord, governed by the social platform. We have already seen companies killing their email newsletters and offers and moving them to social, and expect to see an increase in this as spend by millennials and Generation Z grows.