When a deal seems too good to be true, beware – there’s often a sting in the tail, as demonstrated by recent issues over the sale of personal data, says Barbara Elson, leading UK customer data and CX expert.
Before the anarchy that is the internet, personal data was a prized commodity, conscientiously managed by specialist direct marketing agencies. Not only was the cost to acquire, manage and store data high, but most direct marketers also thought about data in terms of real customers and knew that its misuse would be a catastrophe both for their brand and the business. And so, as with anything of value, rigorous security and compliance processes were put in place to keep the data safe.
Now every business is awash with data – a byproduct of the haphazard world of digital. Companies without the tradition or skills in data management have become data holders by default.
Data’s cheap and ubiquitous and the idea that personal information belongs to real people has been lost. This is a state of affairs that the EU hopes to change through new legislation. From May 2018 the EU Data Protection Regulation (GDPR) will give ‘citizens back control over their personal data…’
And don’t think Brexit, whenever and however it happens, is going to make this new legislation go away – it’s here to stay. Worse than untangling the new red tape are the penalties if you don’t get data compliant. The current Data Protection Act caps penalties at £500,000, with telecom giant TalkTalk receiving the biggest ever fine of £400,000. But under the EU GDPR, fines will rocket into the stratosphere and may be as high as Euro 20m or 4% of your global revenue – whichever is higher.
Of course every organisation needs to worry about the fines, but they also need to think about the very negative impact that abusing their customers’ trust has on business.
With horror stories of personal data being mis-traded at 4p a pop headlining on national news channels, fuelling a populist backlash, customers are finding their voice – and it’s angry.
Lodging a complaint with the Information Commissioner is just a click away at ico.org.uk – a website full of info on big name brands that have fallen foul of the DP Act. Seeing a favourite charity listed on the site having been fined £20,000 for data abuse might just make folk think twice about donating – and why would anyone trust their information to a high street bank with a track record of losing customer data?
So if your organisation acquires customer data through your marketing, you need to think about getting your data ‘ducks in a row’. There are five main areas of compliance that you’re going to have to master before April 2018, which in summary are:
- What customer data does your organisation hold and how is it stored?
- Can you prove that valid consent has been obtained from individuals to use their personal data for marketing?
- Could you, if asked, remove a customer’s personal data from your organisation’s systems?
- Do you have, or will you be able to implement, breach detection technologies to avoid the all-too-familiar security issues faced by the likes of TalkTalk?
- And if the unthinkable happens, will your organisation be able to roll out a Breach Notification Plan, which will inform the authorities of any data loss within the statutory 72 hours?
Hopefully your organisation is ahead of the game, but for many there’s much work to be done. Get going now and start with an audit of your data assets. Without that initial picture, you’ll be walking in the dark. Then move to recruiting people with the right skills to get good data practice operating throughout your organisation.
Once you’ve got it sorted, sit back for a few minutes and enjoy the warm satisfaction that you’re in a good place. You’re complying with the law, your brand reputation is well protected, but most importantly, you’ve done the right thing by your customers. Just like any friendship, treating your customers (and their personal info) with respect is the key to building loyal, long-lasting – and profitable – relationships.
Barbara Elson has spent many years advising on data issues and was a director of leading loyalty company, DunnHumby. She can be contacted at www.linkedin.com/in/barbaraelson