The General Data Protection Regulation

1 May 2017 The General Data Protection Regulation Are you ready? Amaze

2 The GDPR - Are you ready?

The General Data Protection Regulation (GDPR) is set to transform the UK and Europe's data protection and privacy laws. Consumers will have new rights. Brands will have new responsibilities. And organisations will face stiff penalties for compliance failures.

Here, Amaze, together with Amaze One, examines what the GDPR is, what its changes mean for you, and what you need to be doing now to become compliant.

3 What is the GDPR?

On 25 May 2018, the GDPR comes into force in the UK. It will replace 1995's Data Protection Directive. The primary objectives of the GDPR are to give consumers control of their personal data, to strengthen and unify data protection for individuals within the European Union (EU), and to simplify the regulatory environment for international business by unifying regulations within the EU.

The GDPR will formalise concepts such as the right to be forgotten, data portability, data breach notification and accountability. It also addresses export of personal data outside the EU. Organisations falling foul of the guidelines face fines of €20m, or up to four percent of global revenues. As a regulation, the GDPR does not require any enabling legislation to be passed, and it will be unaffected by Brexit.

GDPR is coming. Yet right now, under 50% of businesses have taken any steps to ensure they are compliant. If that includes your organisation, start addressing GDPR now.

What does this mean for me?

Any personal user data that you store will be affected, even if it's stored anonymously. GDPR will mean you'll need to make changes to the tools and processes you use every day, including (but not confined to) the following:

- Web analytics
- Tag management tools
- Media tags
- CMS tags
- Personalisation
- CRM database

4 The GDPR opportunity

It's easy to think of GDPR compliance as a big burden underpinned by big sanctions. We prefer to think of it differently, because complying with GDPR can bring a range of benefits:

- Build loyalty: GDPR makes consumer consent an organic, ongoing and actively managed choice, not simply a one-off box to tick. It forces marketers to be more dynamic, and should result in more productive, long-lasting relationships.
- Grow trust: Data, if used respectfully and efficiently, can help build trust with your prospects and customers.
- Challenge convention: Compliance does not automatically mean that customers will opt in to your marketing. GDPR forces us to revisit and redesign better customer experiences.
- Improve value: How do we make the trade of personal information worthwhile? GDPR encourages us to deliver a better value exchange across the digital estate.
- Get more, valuable data: Why not use the requirement to contact customers and prospects to renew consent as an opportunity to get more of the right data, and reconnect with lapsed audiences?

What does this mean for me?

It's critical you think about the digital goals you have set for the next 2-3 years that rely on data and align GDPR compliancy with these activities, in particular personalisation, site optimisation programmes & CRM strategies.

5 Effects of GDPR

GDPR redefines personal data, confers new rights (or reasserts existing ones) on consumers, places new responsibilities on brands, and introduces major penalties for non-compliance.

Rights

- Informed: the right for transparency over how personal data is used
- Access: the right to know data is held, and the right to access it
- Rectification: the right to correct inaccurate or incomplete data
- Erasure: the right to be forgotten
- Portability: the right to copy, transfer or move data from one environment to another
- Equality: users should not be given a second class service (or be otherwise "penalised") for opting out

Governance

- You must have a legal basis for collecting and processing personal data
- Processing high volumes of data? Appointing a Data Protection Officer is mandatory
- You must demonstrate accountability
- Parental consent: required for processing children's data
- Impact assessments are essential where privacy risk is high
- Data controllers must report breaches within 72 hours

Definitions

Personal data now includes the following identifiers:

- Genetic
- Mental
- Cultural
- Economic
- Social

Penalties

4% of annual global revenue or €20 million, whichever is greater

6 7 big questions for your business

1. Do you have a comprehensive view of all the digital data you collect and its role in your digital strategies? How are cookies used to support your platform's technical functions and optimisation strategies?
2. How do you apply data? Profiling, matching, appending or sharing? What is covered in your privacy policy?
3. What's the true state of your customer contactability?
4. What channel strategy do you need to adopt for optimal results, and how will this impact your digital platforms and roadmaps?
5. How should you ask customers for consent?
6. What can you offer in exchange for their agreement?
7. What will be the financial impact of differing levels of consent in the future?

7 We'll help you prepare for GDPR

If you're worried about how your organisation measures up to GDPR, our experts can help. Amaze One's consultants can ensure your data has compliant processes surrounding it. And Amaze can ensure that, from website to banner ads to direct , your digital estate is best placed to respond to and benefit from GDPR.

Emma Nicol, Client Services Director, Amaze
Paul Carysforth, Head of Data Intelligence, Amaze

"GDPR doesn't have to be the scary elephant in the room. See it as a great opportunity to explore new technology, data and creativity and you could be reaching and engaging customers in ways we've never dreamed of previously."

"The new GDPR regulations are not rash, as they help eliminate poor marketing which is of value to neither consumers nor marketers. Marketing now needs to take a rational look at all of the options available for engaging with customers and prospects alike."

Sarah Hooper, CRM Director, Amaze One
Paul Normington, Creative Director, Amaze One

"Customer trust comes from having a clear value exchange at the heart of your CRM strategy."

"When you ignore customers' needs, you're teaching them to live without you."

8 GDPR checklist

1. Awareness
- All key decision makers understand the implications of GDPR
- You know the financial impact differing levels of consent will have on your business in the future

2. Information
- You know how and where you collect data
- You know how you apply it (e.g. profiling, matching, appending or sharing)

3. Privacy
- Your privacy policy is compliant
- You know which privacy policy and opt-in each customer has signed up to and when
- You have implemented Privacy Impact Assessments (if necessary)

4. Authority
- You have appointed a Data Protection Officer and Data Controllers
- If you operate internationally, you know which data protection supervisory authority you come under

5. Processes
- Your data processes match the new rights of individuals
- You have processes in place for:
  a) handling amend, transfer, access or delete requests
  b) verifying ages and/or gaining parental/guardian consent
- You have implemented the required procedures for detecting, investigating and reporting data breaches

6. Legal Basis
- You have documented the legal basis for the data you hold

7. Opt-ins
- You have agreed how you will ask customers for consent
- You have reviewed what you can offer in exchange for consent

8. Communications
- You know what channel strategy to adopt for optimal results
- You have considered how you use GDPR to your benefit, e.g. by personalising more effectively or asking for new data on a large and detailed scale

9 We'll help you prepare for GDPR

Worried about how your organisation measures up to GDPR? Our experts can help. Amaze and Amaze One are part of the St Ives Group of Companies, a global community of digital expertise. Together, we are uniquely positioned to help you prepare for GDPR.

Amaze is a leading, full service digital marketing, technology and commerce consultancy. We like to look past boundaries between countries, media channels and especially services - to deliver integrated solutions right across the digital spectrum, from strategy to solution design, global implementation and ongoing optimisation. Our thinking is truly global, with solutions live and supported in over 100 countries, including in 28 languages, for an impressive client list that includes Emirates, Walmart, Lexus, Toyota and Unilever.

CRM agency Amaze One is a collaboration between digital marketing consultancy Amaze and the data-driven know-how of Occam. Together, Amaze One unites forty years of original thinking in digital and data marketing into one powerful approach to CRM. This approach creates communications built on unique insight; communications that stand out by being out of the ordinary. It's an approach that drives profit through engagement.

10 Disclaimer: The advice and recommendations provided by Amaze and Amaze One as part of "GDPR - Are you ready?" (the "guide") are based on Amaze One's interpretation of UK laws and Information Commissioner's Office ("ICO") guidance at the time of creation. Whilst Amaze One's interpretation of such laws and guidance is based on a reasonable knowledge and understanding of the subject matter, Amaze One is not a provider of legal services and its advice and recommendations do not constitute legal advice. Amaze One accepts no liability for losses that arise as a result of the provision of false, misleading, inaccurate or incomplete information or documents. Followers of the guide agree that they remain responsible for applying their independent business judgement to evaluate any advice or recommendations provided by Amaze One as part of the guide and for obtaining appropriate legal advice where necessary.