In the age of heightened data privacy awareness following the introduction of GDPR, businesses need to be ready for the influx of data access and erasure requests that they might face. To meet these demands in a time-efficient way, humans and technology must work together and ongoing compliance with GDPR needs to become part of a business’ daily operations. But just what will this look like and what does the future hold for the business community - and marketing and customer services teams in particular - in a post-GDPR world?
Overwhelmed and underprepared
Since the introduction of GDPR there has been a sharp increase in the number of complaints to regulators across Europe and people are now starting to think a little more about how a business might be using their personal data. This means companies must be ready to quickly respond to various requests from customers. They may ask:
- What kind of personal information do you have about me?
- Why do you have this information?
- I’d like to see a copy of all the data you have on me
- I want to be forgotten
Some of these requests are hard. For instance, completely forgetting someone from all systems. Most systems are designed to not forget things and almost every business will keep backups. Forgetting means forgetting everywhere. Can you even find all the places where you have data on a person?
Looking at the nightmare scenario, a business might be barraged by requests from the public demanding the right to access and erase their personal data. If the company fails to respond in a timely way, they run the risk of hefty fines. Businesses will need to put in place processes to tackle incoming queries, and ensure timely follow-up and resolution. A system needs to be put in place to manage requests and make sure they don’t go unanswered. Response is not just a matter of customer satisfaction. It’s the law.
Harnessing technology to meet the challenge
Technology can play a big part in helping businesses to navigate the GDPR journey. Using an automated system to capture all data requests helps companies manage the influx of customer queries, and means inbound requests can be constantly monitored.
Automation also helps companies efficiently retrieve information requested by customers, especially if they hold multiple forms of data on the customer. For example, businesses that receive requests to erase customer data will need technology to ensure the masses of information they have on each individual can all be found and erased. Any missed data could lead to gaps in compliance and fines.
The human touch point is vital
In the midst of compliance regulations, a company still needs to run day to day. People may want to be forgotten, but a business also needs to maintain accounting records, tax information, and other legal data on its customers. GDPR allows for this. But technology by itself cannot be relied upon to determine which data can be erased, and which data businesses are otherwise required to keep.
Technology can only go so far with capturing and filtering queries; the system then needs help to decide the right action. Enter a human. The Data Privacy Officer steps in and makes a judgement call as to which information a business must keep, and what can be erased.
Humans and technology must work together to ensure compliance with the new regulations. Automating some of the processes will better equip a business to respond efficiently and effectively to customer data requests.
Using GDPR to improve the customer experience
In the era of the Internet and instant globally visibility, businesses depend even more on delivering a great and consistent customer experience. Companies should take advantage of the need to comply with GDPR to understand their customer journey, to have true visibility on the customer data they hold, and to improve their overall customer experience. The more information known about the customer, the more tailored the experience can be. Customer data is needed to personalise the experience, and GDPR lets businesses maintain that data. Companies should put that data to good use now, and use GDPR as an opportunity to finally finish that customer journey or personalisation project that may have been on hold.
There’s no more room for excuses! Businesses need to automate their GDPR processes now. As GDPR becomes better understood, the potential for more automation grows. But for the foreseeable future humans need to make key judgement decisions alongside their technology systems. Ultimately, GDPR is a great opportunity to galvanise a business and automate existing processes. Using technology to help employees become more efficient and keep the business aligned with the new regulations, will ultimately lead to strengthened client trust and relationships.