GDPR and a framework for the future
06 March, 2018
To kick things off, a confession: when I first heard of GDPR (General Data Protection Regulation), the new rules that will change how businesses handle personal data when they come into force on the 25th May, my initial reaction was cynicism.
We'd been here before, hadn't we, with the EU Cookie Law? That particular legislation had been designed to give web users more control over the data websites could store about them - a laudable goal. But the result was 'consent overload', with nobody understanding what accepting or declining cookies meant. Everyone just continued to browse regardless, thereby consenting one way or another.
Then, as I read into the topic more, cynicism turned to stress. I realised GDPR would in fact create meaningful change in a way the Cookie Law hadn't (though it's worth noting that the Cookie Law will be changing too in May, ceasing the endless consent messaging and logically shifting the control to personal settings of browsers and applications), but I couldn't find any simple, digestible breakdowns of not just what GDPR was, but what it meant for marketers. So instead I ground my way through technical white paper after technical white paper, until eventually I reached the final stage of my emotional rollercoaster.
Because once I understood GDPR properly, stress turned to optimism as I saw the opportunities on offer, not just on a consumer level - where it will positively impact us all - but on a business level too.
Not that you'd know it, judging from some of the scare stories in the media over the past year. You expect sensationalist headlines from The Sun, but even the BBC have been speculating whether the new data laws could "end up bankrupting your company". The word "risk" crops up time and time again.
Some caution is understandable, of course: compliance isn't going to be all sunshine and roses. But in a year when transparency and honesty are on the agenda more than ever before, GDPR is an opportunity to work with these principles in mind.
Currently, there's no standardised way that companies handle, manage and process data. Some companies do it really well, others not so well. Without a common framework, though, it's impossible to know for certain. There's little transparency, so there's little trust. Ahead of us is a real opportunity for organisations to handle data with new, improved standards and establish industry best practice, becoming more customer-centric and starting to build trust for the future.
I think that can only be a good thing, because putting customer experience at the heart is something we at KISS have been doing for years. There's no point wowing clients by building the most beautiful, advanced websites, for example, if they turn out to be impractical for the average user.
GDPR is an extension of that idea. Companies will have to establish a new framework with the customer at the centre, changing how their data is collected and managed. Procedures will have to be drawn up, mailing lists cleansed and pre-ticked boxes removed. We have a responsibility for our customers' data. But we also have an opportunity to think more creatively about content strategy and marketing activity.
In other words, GDPR is about clarifying the complex - no wonder we're on board with it.
It can sometimes feel as though concerns about data are coming from all sides. Businesses worry about how GDPR will affect their operations, while users fear that their personal data is out of their hands. And while these concerns are understandable, they shouldn't be confused with the idea that nobody wants companies to have their data at all. For most people, giving out their data is actually beneficial as long as it's going into the right hands.
The buy-in we've seen with the Internet of Things is testament to that. Personally, I like the fact that my Nest thermostat has my data on all the previous temperature adjustments I've made and knows my routine, so it can learn to make adjustments itself. It's the idea of that data being sold on to random businesses without my knowledge that's worrying, or the prospect of getting spam emails from a thousand people I've never heard of because my name had found its way on to their purchased mailing lists. But as long as I trust Nest to handle my data responsibly, the positives are clear.
GDPR should mean more of the benefits and less of the worry. This will end up being good for consumers, who get more of the beneficial side of data and less of the annoying stuff. For example, supermarkets know our purchasing behaviour and use that historical data to keep us 'loyal' in multiple ways. This keeps us tied to brands more often because it's easier for us over and above seeking the best deal. However the future may result in a situation where you can easily transmit that data to a competitor. This portability will mean you're not tied to a company, have more power over your data, and have the flexibility to be more discerning with your brand loyalty.
And it'll be good for marketers too, who will have an opportunity to establish a new framework that will put their customers at the heart of what they do. I've gone from being a cynic to a believer: GDPR isn't going to crumble like the Cookie Law.