GDPR One Year Later: Differences, Similarities, and Lessons Learned
In 2017, The Economist stated that personal data has outpaced oil as the most valuable resource in the world—and it has only become more valuable since GDPR. Nearly a year ago, the E.U. enacted the General Data Protection Regulation, or GDPR. Jackson Lewis explains, “In short, the GDPR aims to protect the ‘personal data’ of EU citizens–including how the data is collected, stored, processed and destroyed.” Businesses use customer data in many ways, from demographically-specific marketing campaigns to individual customer outreach, and GDPR forced more careful thought around who owns the data, how it is being used, and how to respect customer privacy. Explore this article for more information, updates, and lesson learned on GDPR one year later.
Let's circle back to data: who owns customer data, businesses or customers? In the United States, the answer is still being sorted out, but in Europe they have decided—it is the customer. This new set of rules state that businesses must:
- Use simple language to explain how they handle data
- Get explicit consent from consumers before utilizing data collected
- Provide customers with copies of their data or delete it entirely upon request
- Report data breaches in a timely manner
American companies scrambled last year to comply with the new GDPR regulations, and those that failed are beginning to pay heavy fines. Google, for instance, was just fined a record €50m earlier this year. In preparation to these regulations, major companies like Apple and Facebook have created new tools for people to control and delete their data.
However, a year into GDPR’s implementation, things are generally running smoothly. According to IAPP’s survey, organizations have bulked up their privacy teams, tackled the hard work of implementing GDPR programs, though there is admittedly still work to do. And while there have been more than 95,000 complaints from citizens to the Data Protection Authority (DPA) since May, most of the complaints, according to Lexology, revolve around telemarketers, video surveillance, and other invasive practices.
One major improvement that’s surfaced because of GDPR? Transparency over data breaches. In 2018, companies self-reported just 1,700 data breaches, while experts estimate that total will be around 36,000 breaches reported in 2019. Across Europe, according to a survey released last month by law firm DLA Piper, nearly 60,000 breaches were reported during just the first eight months of the GDPR.
Indeed, GDPR has been better for marketers than they initial feared. In the last year, online data collection tools, such as data orchestration systems, have emerged to help companies organize, parse, and disseminate data to GDPR compliance in ways that are easy and cost effective.
GDPR also allows companies to reframe and rejuvenate their image. Responsible and profitable companies use data collected for the benefit of the customer—communicating with them when they want, in the format they want, with messaging that is relevant to their needs. But customers have to trust that their data is being used responsibly. The populace is becoming more aware of how their online footprint is being used, and stories such as the misuse of Facebook’s user data by Cambridge Analytica has made people wary of a company’s stewardship of their information. In fact, according to a study by TRUSTe/NCSA, “92% of US internet users worry about their privacy online,” “89% say they avoid companies that do not protect their privacy,” and “60% think online privacy should be a human right.” Trust is paramount.
So, how do companies balance using data to improve business and respecting customer privacy?
First, a company must be upfront with their community on how data is collected and how it is used. Companies should also offer a clear and easy way for people to opt out of some or all of their data collection practices, even if their business does not fall under GDPR law. According to a recent Lineate survey, 75% of respondents were “fine with data collection” if a brand first got their permission (45%) or gave them something in return such as a special offer or free service (30%).
Providing privacy, value, and relevance is the only way to ensure a loyal customer base. Therefore, it is imperative that a company has the proper tools to easily remove any information from users that opt-out. One simple solution is to utilize a data orchestration platform. As Lineate writes in its white paper, “By taking better control of your own data and centralizing it in one place, companies can more easily track customer data preferences, segment audience by consent behavior, and garner insights that help inform the best way to approach customers with GDPR-compliant activities and messaging.”
Lineate’s DataSwitch data orchestration platform allows companies to have granular control of their data, meaning they can utilize (or erase) data in ways that exceeds their customer’s privacy needs. Because while data may be the most valuable resource in the world, it is practically useless if you don’t have a customer’s trust.
If you would like to learn how to organize your data to ensure GDPR compliance, with Lineate’s own Data Orchestration tool, DataSwitch, reach out on our contact us page.