By Jon Cano-Lopez, CEO at REaD Group
It’s hard to believe it’s already been a year since GDPR’s implementation, but things have calmed down considerably in the interim and overall, we are in a much better place. In the last 12 months consumers have become more informed about what their data is used for and equally businesses are paying more attention to the legitimacy of their data and its use and applications. Importantly, companies have started to be much more considerate of the consumer perspective – understanding that a simple customer complaint could lead to financial penalties and reputational damage.
Clarity from confusion
As the GDPR is a principles-based regulation, there has been a considerable amount of confusion in the market as there are some aspects that have no fixed parameters. However, grey areas such as the reasonable amount of time that data should be retained are starting to reach consensus, resulting in self-imposed best practice being seen in the industry. We will undoubtedly see some of these currently accepted norms change in the future as a result of newly published guidance and based on the outcome of audits.
It is becoming normal for our clients to request documentation to evidence the legal right to use the data we provide – and in a transparent and easy to understand format. This will ultimately ensure that data collectors who are fast and loose with their due diligence are removed from the market, which is good for consumers and for the data industry.
Not just about consent…
Reassuringly, people have begun to realise that there is more to the GDPR than consent, or more generally ensuring that you have an appropriate legal base for processing data. Other key requirements, such as the misuse and security of data as well as data accuracy, are starting to take the spotlight. Collecting data in a legal manner is not enough – it must also be retained legally. Data must be respected as a valuable asset, and as it decays so rapidly it must be kept up to date.
As an industry, data quality is something we have always wanted to be recognised at board level – and GDPR has made this a reality.
Standing out from the crowd
It’s encouraging to see that companies and brands are really understanding the importance of giving consumers choice. Companies must now try and appeal to an increasingly discerning and aware audience, which means that finding ways to distinguish from competitors has never been more important.
Consumer communications have changed almost beyond recognition in the last decade (it’s astounding that the law hadn’t been updated since the DPA in 1998!). Similarly, PECR is also more than 10 years out of date and falls short of answering the complex legislative challenges encountered in today’s marketplace. GDPR was, for this reason, desperately needed.
Data elevated to board level
With an increasing number of businesses investing in DPO’s and CDO’s, data and governance is finally being raised to board level. Shortly after GDPR was introduced, many well-known brands ceased using data altogether for fear of doing the wrong thing. The majority have now resumed, but this has meant that scrutiny and assurances over the provenance of data have become even more vital.
Only the beginning
It’s important to realise that GDPR is only the beginning – the ePrivacy regulation (ePR), expected to come into force next year, will address much needed change in digital communications legislation. In tandem the two regulations should ensure that consumers are more informed and trusting of how companies are using their data, as well as ensuring that businesses are using data responsibly.
We can all take heart in the fact that, one year on, GDPR is no longer being seen as an inconvenience or a box to tick, but as an opportunity and a change for the better!