Today - 14 Feb – marks 100 days until the introduction of the EU’s GDPR, a regulation that will radically change the way organisations around the globe have to manage personal data.
On 25 May, any organisation that conducts business in or with the European Union will be expected to be compliant with GDPR or face the prospect of significant fines. But while the ICO has downplayed the notion that major fines will be dished out for minor infringements, or that maximum fines will become the norm, it is perhaps the implications that non-compliance could have on customer trust that are of most concern.
Customer trust in enterprises continues to drop and a public rebuke for poor handling of personal data could do significant damage to brand reputation.
As it stands, Forrester estimates that only 33% of North American companies are fully compliant with GDPR, 29% in Asia Pacific and Latin America, and only 26% in Europe. Clearly, more work is still required at the majority of organisations. But it is worth reiterating that GDPR shouldn't be viewed as a compliance challenge, but as an opportunity to improve marketing practices, and embed new corporate habits around engagement. Done right, everyone could benefit.
With 100 days to go, MyCustomer has pulled together a hub of content around the topic of EU GDPR compliance, to help guide you and your organisation towards the 25 May deadline.
But in the meantime, here are some of the key questions you must be asking yourself in the countdown to compliance:
- What actions do we need to take to ensure compliance? For those of you playing catch-up, here is a reminder of the ICO's12 step path to compliance.
- What positive implications can GDPR compliance have to our marketing? Read this report to learn how organisations can capitalise on work towards GDPR compliance to embrace the values of permission-based marketing and reap the benefits that this brings.
- Do we need to repermission customers for consent? Read this article to find out how to know if you need to repermission your customers for consent to continue using their data.
- If we need to repermission our customers, how should we do it? This article shares best practices on running a repermissioning campaign.
- What is legitimate interest and have we got it? GDPR indicates that organisations can continue to lawfully process personal data from their existing database (i.e. without repermissioning) if they can demonstrate “legitimate interest”. This article examines what constitutes “legitimate interest” and how can organisations find out whether their use of customer data qualifies as “legitimate interest”?
- How will GDPR impact the third-party data market? What will the regulation mean for the purchase and use of third-party data for marketing? Read this piece to find out.
About Neil Davey
Neil Davey is the managing editor of MyCustomer. An experienced business journalist and editor, Neil has worked on a variety of newspapers, magazines and websites over the past 15 years, including Internet Works, CXO magazine and Business Management. He joined Sift Media in 2007.