Customers, brands & data protection officers

The new love triangle consists of customers, brands and data protection officers.

You’re intrigued, aren’t you? Admit it! What an earth has ‘love’ go to do with data protection? After all, you wouldn’t think a data protection officer (DPO) is an object of desire? Well, think again!

According to the latest research by the International Association of Privacy Professionals (IAPP) we’ve a shortage of these super human women and men. In the UK, there’s a shortfall of about 8,000 DPOs needed to service the needs of public and private sector organisations. And if you fancy becoming one - and yes, it’s very well paid too! - then drop me a line and enrol on our GDPR Programme at Henley Business School. This could be the start of something very special.

But today I want to share with you a few insights into the love triangle includes you as the customer.

The digital landscape has changed, and brand owners must re-wire their relationships with their customers as a result of the higher standards of data protection, privacy and security brought about by the GDPR.

It reminds me of the song by Canadian rocker Bryan Adams: (Everything I Do) I Do It For You.

This kind of sums up what the GDPR is all about.

It’s about the individual. It’s about ‘loving them’ and putting their rights, freedoms and interests before even our own selfish commercial interests and certainly not acting in any way to cause harm or damage when processing their personal data.

And it doesn’t matter whether we are the client, the boss or the employer in this relationship or a third party that’s used to process the customer’s personal data.

As customers, we’re entitled to expect so much more from these relationships.

When processing your personal data, companies have to provide you with clear information relating to the use of your data and this includes:

  • For what purposes your data will be used
  • The legal basis for processing your data
  • How long your data will be stored
  • With whom they’ll share your data
  • Your basic data protection rights
  • Whether your data will be transferred outside of the EU
  • Your right to lodge a complaint
  • How to withdraw your consent if you have given it
  • The contact details of the company responsible for processing your data and their data protection officer if they have one

And on top of all this, the information can’t be in legal gobbledygook and must be presented in clear and plain language.

It’s worth remembering that personal data of customers can only be collected and processed for a well-defined purpose.

When collecting your data, a company must tell you what purpose your data will be used for. And they must make sure that only relevant data is processed, and the data isn’t kept for any longer than is absolutely necessary.

In truth, if a brand owner can meet these and other global standards in data protection, privacy and security, then they’ll be able to deepen digital trust in order to do more – not less- with our personal data.

Ardi Kolah LL.M is Director, GDPR Programme, Henley Business School and author of The GDPR Handbook, published by Kogan Page (£49.99).

About ardi.kolah


Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.