This year, GDPR became four letters that every business and employee knew about. We are now five weeks into the GDPR, and according to an article on realbusiness.co.uk, companies across the UK are already making mistakes when it comes to GDPR – whether by misunderstanding or misinterpreting the legislation, or by hiding away from their requirement to turn GDPR-compliant. As all businesses are more than aware of, GDPR is here to stay and there is still plenty of time to fix any mishaps or issues that may be rearing their heads.
Firstly, we are over-complicating the GDPR. One of the core principles of the GDPR is to give individuals control over their data and to allow them to make clear and informed decisions about how companies use their data. However, in an effort to be fully compliant, many companies are actually giving people too much information, written in the very best of legalese.
Instead, businesses need to be clear, open and concise about what data they are using, what they are doing with it, and why.
Offline to online
According to the article, it is still common practice in some industries to collect data by asking consumers to write their name and address on the back of coupons or vouchers. If this information is subsequently data captured, businesses need to clearly state that this will be the case, and how this data will be used once turned digital.
Missing the basics
The new GDPR contain key differences, particularly in obtaining consent and assessing what data is considered “personal”.
Default to opt-ins are no longer allowed (i.e. “tick to not receive e-mails”) and consumers are now required to tick a box, or to formally opt-in to receive e-mails.
Third party data
If personal data is being shared with another company, this will now require the agreement of the individuals involved.
Anything that includes personal data that you are analysing – for example to review content, products or assess drop-off on the path to purchase – will need explicit and informed consent.
What should business be doing?
Businesses need to think ahead to ensure that they identify the purposes for which they will collect and use data, who else will be involved, why they hold that data and that they are clear with the consents that are requested.
Finally, the article rounds-off with this all-important point – businesses need to think long-term. Being GDPR complaint isn’t a one-off project, it’s about fundamentally changing the way businesses think about data collection and how it is used.