Yes, you read that correctly...
We read recently that there have been over 59,000 data breaches reported in the EU since GDPR came into force in May 2018. With the risk of being fined the equivalent of 4% of annual global turnover, or €20 million (whichever is greater), it is enough to strike fear into the hearts of business owners and marketers alike. It has even been referred to as ‘existentially threatening’.
As an individual, it’s hard to argue with the principles behind it: GDPR requires organisations to ensure the processing of personal data is lawful, fair and transparent. This means that data processing should only be conducted for legitimate purposes and the data subject should be aware of how their data is being handled, stored and used at all times. Personal data can only be used for the legitimate purpose for which it was collected, and once that purpose is fulfilled, it needs to be deleted. It sounds super simple.
How did we prepare?
When GDPR came into force in May, we prepared a tailored recommendation/audit for each of the websites we support. A website is the external representation of an organisation and often integrates with other digital activity, such as email marketing, social media, and newsletter sign-ups, so it shouldn’t be overlooked.
We also completed an internal audit of our processes and systems, in order to ensure we weren’t putting our clients’ data at risk, given that we are a data processor in the majority of instances. The result is a comprehensive document which outlines any potential risks, and the steps we have taken to mitigate against them. I’m not going to lie, it took ages, and I was over the moon when a client actually asked to read it, but the point I’m trying to make is that it isn’t nearly as bad as the scaremongering would make you believe.
An opportunity for efficiency.
Whilst the new regulations carried an inevitable amount of administrative effort (I speak from personal experience), the feedback from the majority of our clients has been that it actually provided an opportunity to refine their operational processes and highlight improvements to the way they gather data, helping them to become much more cost effective as a business. In larger organisations especially, data was being held in so many different formats, across so many different departments and systems, that it was never actually being assessed or providing any actual value at all.
To this point, we’ve heard first-hand from clients who were worried about the negative impact it would have on their targeted marketing: businesses have seen their newsletter lists slashed, and the fear is that this will translate to a loss of business or income, but the hard truth of the matter is that if people didn’t opt in, they weren’t reading it anyway!
GDPR has forced companies to have more meaningful interactions with their customers. After all, it is better to have engaged readers and this means the marketing efforts can be better targeted and are ultimately more effective.
Yes, it sounds scary and onerous, but it also provides a lot of opportunities, it seems, to anyone willing to embrace it. Therefore GDPR should be seen as a unique opportunity to be innovative with the way businesses engage with their customers in the digital sphere. By swapping fear for excitement, businesses can lead the way in providing true value for users.
If you would like to discuss the work we’ve undertaken to adjust our Data Protection policies for GDPR compliance, or to get advice on what you need to do, please get in touch. It’ll make Jenny’s day.