Stop The Scare Tactics! How You Can Benefit From The GDPR
Ever since the new EU General Data Protection Regulation (GDPR) entered into force in early 2016, the amount of seminars, webinars, whitepapers etc. from law practitioners and others has increased steadily, feeding on the buzz and doubt created by the GDPR.
(To be fair, this post is not any different - except that it is distinguished by a positive approach. Something that can’t be underestimated these days.)
Scary phrases like “fines upward of 20 million euros” and “4 percent of annual turnover” have been the number one argument for leveraging the awareness of personal data compliance for C-suites and board rooms worldwide.
And so far, it’s been a success - mostly because by now, most companies are aware of the GDPR, its applicability from 25 May 2018, and the potential fines it can impose. However, what’s often set aside are the benefits that the GDPR will create.
So rather than taking the widely-used, more authoritative “stick”-approach, I will now focus on the “carrot” of this situation.
(Before we dive in, I’d just like to point out that this post is the first of two blog posts that will address those legal aspects of digital and data-driven marketing that are most relevant for you.)
Why is change necessary?
Before the GDPR, the personal data protection rules were divergent and inconsistent across the EU’s 28 member countries. This resulted in a fragmented legal environment, with legal uncertainty and unequal protection for individuals.
This fragmentation has been a costly administrative burden that made it hard for many businesses (particularly in the small/medium segment) to expand their operations across the EU. This, in turn, blocked economic growth.
Even worse, a trust issue existed and still exists: Europeans today are concerned that they don’t have control of their personal data (especially online). So those businesses that fail to adequately protect an individual’s personal data, and process it in a transparent and compliant manner, risk losing that individual’s trust.
And this trust, particularly in the online environment, is vital for businesses.
What is the GDPR all about?
The new General Data Protection Regulation introduces one, single, simpler, clearer, technologically neutral and “future-proof” set of data protection rules across the EU. In practice, this means cutting the red tape of the current fragmented patchwork of personal data rules.
With this regulation, the personal data of individuals in the EU will be secure, and their fundamental right to data protection respected by all parties. Most essentially, the GDPR will help build trust - something good for both individuals and businesses.
This trust will enable and encourage consumers to engage with innovative technologies and purchase online, confident that their personal data will be protected. The increased demand for privacy-friendly products and services will foster new investments, the creation of new jobs and release the EU single market’s potential to provide a greater choice of goods and services.
This increase in economic activity will, in turn, also help businesses grow to their full potential within the EU single market.
The GDPR will thus be an enabler for Big Data services in the EU by promoting the adoption of principles such as data protection (by default and design), enhancing transparency, fostering consumers’ trust and boosting fair competition in a globalised world. Not to mention the creation of a level playing field for all businesses active in the EU single market (regardless of whether a business is established in the EU or not, it will have to apply the GDPR should it offer its services to/in the EU).
All this comes down to one thing: the GDPR will actually provide an advantage (to some extent) for EU businesses in global competition, as they will be able to offer their customers assurance, backed by a strong regulation, that their valuable personal data will be treated with care and diligence.
So what’s in it for me?*
*(as described by the management consultant)
Quite a lot! If you comply with the GDPR adequately and effectively, you’ll have the possibility to achieve breakout performance compared to your competitors, owing to you having a competitive advantage. You’ll have what the Boston Consulting Group calls the “Trust Advantage”: meaning that your consumers will entrust you with more data (compared to your competitors), which will lead to better online recommendations, more accurate targeting, faster development of new products and services, and several other benefits to you and your customers.
In light of the above - and taking into consideration that the value of Europe’s personal data is estimated to grow to nearly 1 trillion euros annually by 2020 - the GDPR isn’t a burden: it means business. (Even if most people currently preaching about the GDPR are keeping this a secret.)
You’ve got my attention! Where do I start?
… Do you think I’ll just give you a straight answer? Ask your nearest law practitioner about the chances of that happening!...
That said, the most logical approach for getting started is to look into the information provided by your local data protection supervisory authority on the subject. (You can find links to most of them here.)
Generally speaking, the websites of the local authorities supervising data protection are very informative. Many of them also provide checklists to let you begin your GDPR compliance work and make a gap analysis.
If there’s no checklist available on your local data protection supervisory authority’s website, my personal preference is the ICO’s (UK) “Preparing for the General Data Protection Regulation (GDPR) - 12 steps to take now” document.
(Please note that if the the UK’s Data Protection Act doesn’t apply to your company, you should disregard it!)
In my upcoming blog post about the most relevant legal aspects of digital and data-driven marketing, we’ll dig into “Personal Data” (as well as other things), to understand the basics and build a foundation for your GDPR compliance. If I’ve held your attention this far, I hope you’ll stick around for the next post! (Sign up for our APSIS More newsletter so you don’t miss out.)
If you want to dig even deeper into the legal landscape of data-driven marketing as well as the new rules and regulations concerning personal data management in the EU, I'll recommend you to get a copy of "Personal Data".
Anders Hilmansson is a Legal Counsel at APSIS. If you want to learn more about the legal aspects of data-driven marketing, check out his earlier blog posts here and here!
This blog post is for inspirational and informational purposes only and does not constitute legal advice nor shall it be construed, or relied, on as such. APSIS accepts no liability for any losses incurred as a result of any reliance made on the information contained herein. APSIS reserves all right to the content of the blog.