On the 25th May 2018, the GDPR regulations will come to fruition. Not only does this mean more rigorous data standards, but it also means a significant risk of hefty fines if your data management systems are not up to scratch.
Privacy is the buzz word of today’s world – and rightly so. Too much of our life is captured online, often without explicit consent, so it is only fair we have our rights protected.
Our right to be forgotten upheld.
But, what can you do when your data is not reliable enough to fulfil such an instruction? Moreover, what are the pitfalls of failing to act upon the request?
Recording Consent
How companies record consent varies to a high degree, which leads to complications when a customer asks to be forgotten. It is not uncommon for several layers of consent stretching across different organisational channels, made even more complex by unconnected data tables and cumbersome reconciliation processes.
But a primary concern lies in how you actually collect consent. It must be:
- Freely given
- Positive opt-in (so no ‘inferred from silence’ or pre-ticked boxes)
- Separate from other T&C’s
- Easy to withdraw
The first step in this minefield is mapping your collection process, as it is only in understanding the early workings of your system that you can begin to know if you are aligned with regulation. Do you know to what your customer has consented? With who you can share their information?
If not, you could fall foul of GDPR standards, and you’ll find little understanding from the authorities – just a substantial fine to pay.
Assess Data Standards
Even where consent is appropriately given, there could be potholes among the data. All too often we hear stories where data management systems are outdated, unmanaged or, quite frankly, ignored. The result?
An incomprehensible melee of duplicated records, missing entries and incomplete fields.
The issue is that, if your enterprise has ended up with duplicate versions of Mary from 49 Station Street and Mary S. from 49 Station St, you could be in line for a shock.
While you believe you obliged Mary’s right to be forgotten, you may have missed the duplicate Mary S – an expensive oversight.
Spring Data Cleanse
The good news is that spring is just around the corner; we are not far from sunnier days, longer evenings, and a happier population all around. The bad news – come spring, come GDPR.
So, it is imperative you identify any gaps, today.
Even with recently updated systems – or assumed compliance – there is every risk that legacy data will be your undoing. If data maintenance has been sub-optimal, or your data sanitisation processes were not correct, you could still be liable for a fine, despite having acted in good faith.
Most large-scale organisations have been pro-active in establishing the right protocols for data management. But, have they gone far enough?
Establishing Robust Systems
Defining proper data collection and data management solutions is one thing, creating a process to ensure long-term data integrity is another question altogether. Companies often fall back on assumptions that someone else is looking after a system, blissfully unaware it is quickly gathering dust.
Best practice involves routine maintenance, regular audits and a transparent data sanitisation schedule. Why? So that – if and when human error occurs – issues are quickly resolved.
What’s more, it’s just good practice.
It is not uncommon to see a Data Protection Officer on the Org. chart of any modern business. Their primary responsibility revolves around data cleanliness – an invaluable role in a world where every company must rinse their information dry if they are going to maximise profits; while staying on the right side of the law.
Failing a senior data officer, identifying a data ambassador at least ensures one member of your workforce has accountability, averting any groupthink that ‘someone else’ was looking after it.
Path to Success
While such process reviews can seem laborious, you’ll be surprised at just how much money clean data can save – or earn, even. No more wasted budget on direct mail campaigns going to non-existent recipients; only actionable insights thanks to reliable information.
So, Tell Me: What’s the Cost!?!
In short, it falls within the highest tier of administrative penalties, levelled at:
A fine of up to €20 million, or 4% of your total worldwide annual turnover, whichever is higher.
The choice is yours – as is the risk.
Want to Learn More?
The new GDPR regulation will present a challenge but needn’t create a headache. To understand more about what it means for your organisation, why not watch our recording of our webinar “How to make your Data fit for GDPR”.
