According to a statement from the European Commission VP Andrus Ansip and commissioner Vera Jourová, the EU’s long-awaited data protection reform is set to be unveiled at the end of this year. However, it seems that awareness of GDPR and what it means for businesses is still lacking. According to survey of European IT professionals, carried out by Ipswitch, more than half of respondents (52 percent) stated that they’re not ready for GDPR and more than a third (35 percent) admitted that they didn’t know whether their IT policies and processes were up to scratch.
Although GDPR may not come into force until 2017, it will impact all businesses that collect, process and store personal data, which is defined by the EU as:
Any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, your bank details, your posts on social networking websites, your medical information, or your computer’s IP address.
For brands, and marketers in particular, GDPR brings with it some drastic changes in how data is processed that need to be prepared for now.
A key topic that sits at the heart of the changes is trust. Trust between organisations and consumers needs to be re-built. People are concerned about their personally identifiable information (PII) being used without their consent – a fact thrown into the limelight by The 2015 TRUSTe US Consumer Confidence Index. The survey revealed that a huge 91 per of people avoid companies that do not respect their privacy. The GDPR’s predicted shift to what is being called ‘pseudonymous’ data will be key to rebuilding this bridge. All Personally Identifiable Information (PII) is removed and replaced with a randomly generated ID key.
Such privacy-first approaches to consumer data are the future of analytics and targeting. With social data in particular, there is now a shift in the market towards anonymous, aggregated data that provides insights and trends for marketers, but protects user identity.
In preparation for the GDPR, here are seven key principles that companies should consider when processing and analysing human data:
Consumer trust comes first, so be transparent
Companies must handle personal data responsibly and be transparent about what the organization is doing with human data. Giving people clarity as to why, what and how data is collected and used puts them in control. With the growth of social and internet-connected devices, providing visibility as to what’s happening with people’s data is becoming increasingly important
Ethics - know the difference between “can” and “should”
Trust is the hallmark of social data analytics and the consumer should always be front of mind when it comes to analysing this data - what can and should be done are two different things. The unethical use of personal data can quickly erode trust, damage customer relationships and result in significant brand damage.
The digital footprint we make through social media, mobile and blogs can’t be processed as public data. Companies need to adhere to the terms of service set out by providers. Explicitly respect the terms of service for each and every social network, ensure individuals stay in control throughout the value chain and eliminate data propagation
Adhere to data governance and retention requirements
Data retention is related to transparency. All companies involved in human data analytics need to adopt an active policy that defines data retention limits and periods. This policy needs to be reviewed regularly to ensure that it is keeping pace of changes in the business, social network terms of service and the law
Big insights come from aggregated, anonymised data
Human data analytics doesn’t have to contain personally identifiable information (PII) in order to create valuable insights. In fact, aggregated and anonymised data enables marketers and brands to gain a more in-depth understanding of their audience and the market as a whole
Build “small insights” for consumers through opt-in
Social logins are now commonplace, with numerous brands enabling users to quickly register and log in with their existing social identities, such as Facebook, Google, or Twitter. The small insights that can be derived from this and other human data enable better personalisation, product recommendation, and a better user experience. The keyword here is permission - the consumer needs to be in control
The message is simple and clear: Human Data analytics should never include those below the age to consent. The Children’s Online Privacy Protection Act and other legislation prohibit unauthorized disclosure, use and dissemination of PII regarding minors
A privacy-first approach to human data analytics is good for everyone and great businesses are built on the currency of trust. Consumers are becoming increasingly concerned about how their information is used and these concerns are being taken seriously by social networks and governments worldwide. As the unveiling of the EU’s GDPR approaches, marketers and brands should consider following the principles above to stay ahead of the curve. Companies don’t have to become slaves to process, they simply have to adhere to the regulations.