#TwitterChat: Privacy Awareness is always Good for Businesses – Demystifying GDPR
There has been a dramatic transformation in the way we communicate and our handling of everyday tasks. We do everything online. We send emails, buy goods, store documents, pay bills, all by entering our personal data. But what happens to all these information that we have shared online? These data include banking information, social media posts, your personal photos, contacts, addresses even your IP address and the sites visited by you. Companies collect data to serve you better, for a better customer experience but is that all they use these data for? The big question was thoroughly discussed by EU and they came up with a solution. On the 25th of May 2018 a new European Privacy Regulation, GDPR will be imposed and it will permanently change the way data is collected, stored and used. If you do not have a plan to be ready for GDPR, it is high time now. We hosted a Twitter chat on Privacy Awareness is always Good for Businesses – Demystifying GDPR’ where Chris Smith, Head of Operations at PORT (@smithcjb1989) and Matt Rutherford, Head of Customer Success at 9 Spokes (@mattr) as our panelists. A lot of deep insights came into focus. Let us quickly go through the interesting discussion. A1 – GDPR – General Data Protection Regulation – is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. #DigitalSuccess @indusnettech — MattR 👓 🇺🇦 (@mattr) May 22, 2018 Answer 1: A step to bring privacy regulation in line with the digital age! The UK's current privacy regulation was made law in the same year Google was founded! #DigitalSuccess @indusnettech @mattr — Chris Smith (@smithcjb1989) May 22, 2018 A2: the biggest challenge we faced around #gdpr is the quantum of confusion and misinformation floating around. I think of you respect privacy, just organise your committment around a framework and you are sorted. Not sure if I am over simplifying it.#DigitalSuccess — Abhishek Rungta (@abhishekrungta) May 22, 2018 A2 – Primary problem – understanding the rules. There is a LOT of (mis)information about, so make sure you check the source by visiting the ICO website : https://t.co/BsvJRdt0JB or the European – https://t.co/8edrSR2nTn site #DigitalSuccess @indusnettech — MattR 👓 🇺🇦 (@mattr) May 22, 2018 They have a range of challenges! For #SME and #Enterprises the biggest issue is often the data mess they currently have with legacy data and systems making keeping track of personal data a real challenge #DigitalSuccess @indusnettech — Chris Smith (@smithcjb1989) May 22, 2018 A3 – Using a tool might be more comprehensive and speed things up for you – but assess this against your risk-profile, needs and exposure. #DigitalSuccess @indusnettech — MattR 👓 🇺🇦 (@mattr) May 22, 2018 Answer 3: Lots of tools like @MailChimp and @HubSpot are also releasing other smaller bits of functionality that will help a business operate in a compliant manner. Do check them out but remember that alone won't make you compliant #DigitalSuccess #GDPR @mattr @indusnettech — Chris Smith (@smithcjb1989) May 22, 2018 A4 – Products and services will need to be designed with privacy in mind. Privacy by Design brings many benefits – no least of which is those trustworthy organisations will have a competitive advantage #DigitalSuccess @indusnettech — MattR 👓 🇺🇦 (@mattr) May 22, 2018 Answer 4: #GDPR puts greater emphasis on accountability so in terms of a documented strategy we should be seeing more. More than that though, data protection should be central to organisations – get it wrong and businesses could lose out #DigitalSuccess @mattr @indusnettech — Chris Smith (@smithcjb1989) May 22, 2018 A5 – Not EVERY organisation needs a DPO – although public authorities do, and any organisation that is involved in systematic monitoring of individuals, or activities relating to criminal convictions #DigitalSuccess @indusnettech — MattR 👓 🇺🇦 (@mattr) May 22, 2018 Answer 5: However, even if an official DPO is not a legal requirement, having a named and accountable individual internally I would say is pretty much a must #DigitalSuccess @mattr @indusnettech — Chris Smith (@smithcjb1989) May 22, 2018 A6 The GDPR definition provides for a wide range of personal identifiers to constitute personal data, inc. name, identification no., location data or online identifier, reflecting changes in technology and the way orgs collect information abt people. #DigitalSuccess @indusnettech — MattR 👓 🇺🇦 (@mattr) May 22, 2018 Answer 6: It's any information that can be related directly or indirectly to an individual. Importantly this does now include digital identifiers such as IP address #DigitalSuccess @mattr @indusnettech — Chris Smith (@smithcjb1989) May 22, 2018 A7: My only concern is that, the terms and conditions on website and services may be crafted such that #GDPR loses it's purpose. But the opt-out can is certainly a big relief. #DigitalSuccess — Abhishek Rungta (@abhishekrungta) May 22, 2018 You need new practices : 1. New opt-in permission rules / 2. Proof of consent storing systems / 3. A method for consumers to ask for their personal information to be removed. #DigitalSuccess @indusnettech — MattR 👓 🇺🇦 (@mattr) May 22, 2018 A7 – Email marketing under GDPR essentially means that, as an email marketer, you need to collect freely given, specific, informed and unambiguous consent. #DigitalSuccess @indusnettech — MattR 👓 🇺🇦 (@mattr) May 22, 2018 Answer 7: The big issue at the moment is one of consent. This is why your inboxes are cluttered! The criteria for consent have become far more strict and much marketing won't be able to take place without legitimate consent #DigitalSuccess @mattr @indusnettech — Chris Smith (@smithcjb1989) May 22, 2018 Answer 7: Whilst it's cluttered inboxes for now, it should mean more engaged groups of individuals on mailing lists who really want to hear from brands and interact with them #DigitalSuccess @mattr @indusnettech #GDPR — Chris Smith (@smithcjb1989) May 22, 2018 A8 – There are some specific GDPR specialists who are looking at HR. I'd recommend starting with a checklist like