There has been a dramatic transformation in the way we communicate and handle everyday tasks. We do everything online. We send emails, buy goods, store documents and pay bills, all by entering our personal data.
But what happens to all this information that we have shared online? This data includes banking information, social media posts, your personal photos, contacts, addresses, and even your IP address and the sites you visit.
Companies collect data to serve you better and to improve the customer experience, but is that all they use this data for?
This big question was thoroughly discussed by the EU, and they came up with a solution. On the 25th of May 2018, a new European privacy regulation, GDPR, will be imposed, and it will permanently change the way data is collected, stored and used.
If you do not have a plan to be ready for GDPR, it is high time you made one.
We hosted a Twitter chat on ‘Privacy Awareness is always Good for Businesses – Demystifying GDPR’, with Chris Smith, Head of Operations at PORT (@smithcjb1989), and Matt Rutherford, Head of Customer Success at 9 Spokes (@mattr), as our panelists. A lot of deep insights came into focus.
Let us quickly go through the interesting discussion.
A1 – GDPR – General Data Protection Regulation – is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
Answer 1: A step to bring privacy regulation in line with the digital age! The UK's current privacy regulation was made law in the same year Google was founded! #DigitalSuccess @indusnettech @mattr
— Chris Smith (@smithcjb1989) May 22, 2018
https://twitter.com/abhishekrungta/status/998934099120218112
A2 – Primary problem – understanding the rules. There is a LOT of (mis)information about, so make sure you check the source by visiting the ICO website : https://t.co/BsvJRdt0JB or the European – https://t.co/8edrSR2nTn site #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
They have a range of challenges! For #SME and #Enterprises the biggest issue is often the data mess they currently have with legacy data and systems making keeping track of personal data a real challenge #DigitalSuccess @indusnettech
— Chris Smith (@smithcjb1989) May 22, 2018
A3 – Using a tool might be more comprehensive and speed things up for you – but assess this against your risk-profile, needs and exposure. #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
Answer 3: Lots of tools like @MailChimp and @HubSpot are also releasing other smaller bits of functionality that will help a business operate in a compliant manner. Do check them out but remember that alone won't make you compliant #DigitalSuccess #GDPR @mattr @indusnettech
— Chris Smith (@smithcjb1989) May 22, 2018
A4 – Products and services will need to be designed with privacy in mind. Privacy by Design brings many benefits – not least of which is those trustworthy organisations will have a competitive advantage #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
Answer 4: #GDPR puts greater emphasis on accountability so in terms of a documented strategy we should be seeing more. More than that though, data protection should be central to organisations – get it wrong and businesses could lose out #DigitalSuccess @mattr @indusnettech
— Chris Smith (@smithcjb1989) May 22, 2018
A5 – Not EVERY organisation needs a DPO – although public authorities do, and any organisation that is involved in systematic monitoring of individuals, or activities relating to criminal convictions #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
Answer 5: However, even if an official DPO is not a legal requirement, having a named and accountable individual internally I would say is pretty much a must #DigitalSuccess @mattr @indusnettech
— Chris Smith (@smithcjb1989) May 22, 2018
A6 The GDPR definition provides for a wide range of personal identifiers to constitute personal data, inc. name, identification no., location data or online identifier, reflecting changes in technology and the way orgs collect information abt people. #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
Answer 6: It's any information that can be related directly or indirectly to an individual. Importantly this does now include digital identifiers such as IP address #DigitalSuccess @mattr @indusnettech
— Chris Smith (@smithcjb1989) May 22, 2018
A7: My only concern is that the terms and conditions on website and services may be crafted such that #GDPR loses its purpose. But the opt-out is certainly a big relief. #DigitalSuccess
— Abhishek Rungta (@abhishekrungta) May 22, 2018
You need new practices : 1. New opt-in permission rules / 2. Proof of consent storing systems / 3. A method for consumers to ask for their personal information to be removed. #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
A7 – Email marketing under GDPR essentially means that, as an email marketer, you need to collect freely given, specific, informed and unambiguous consent. #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
Answer 7: The big issue at the moment is one of consent. This is why your inboxes are cluttered! The criteria for consent have become far more strict and much marketing won't be able to take place without legitimate consent #DigitalSuccess @mattr @indusnettech
— Chris Smith (@smithcjb1989) May 22, 2018
Answer 7: Whilst it's cluttered inboxes for now, it should mean more engaged groups of individuals on mailing lists who really want to hear from brands and interact with them #DigitalSuccess @mattr @indusnettech #GDPR
— Chris Smith (@smithcjb1989) May 22, 2018
A8 – There are some specific GDPR specialists who are looking at HR. I'd recommend starting with a checklist like this one : https://t.co/Y7BUNWqCE1 #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
Answer 8: Quite a few – although not an expert. Personal data should only be kept for as long as necessary and for the reason it was held. So details of unsuccessful job applicants should be deleted at the end of any recruitment process, #DigitalSuccess @mattr @indusnettech #GDPR
— Chris Smith (@smithcjb1989) May 22, 2018
A9 – Regarding ‘sensitive personal data’, processing photographs is not included as sensitive data unless it holds biometric data for the purpose of identification #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
Answer 9: Fairly simply, yes they do. What impact this will have in practice seems a bit of a grey area to me at the moment #DigitalSuccess @mattr @indusnettech #GDPR
— Chris Smith (@smithcjb1989) May 22, 2018
A10 – My very simple steps – know your data, know the rules, move fast and ask for help if you need it. #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
Answer 10: Able? Again, for the vast majority yes. The larger and more complex a business the more difficulty they will have, but with effort and intellect it can be done #DigitalSuccess @mattr @indusnettech #GDPR
— Chris Smith (@smithcjb1989) May 22, 2018
A10 – Finally, I'd highly recommend seeking counsel and guidance if you are at all concerned #DigitalSuccess @indusnettech
— MattR (@mattr) May 22, 2018
Answer 10: And further down the line the principle of data portability could open some very exciting possibilities for the businesses that have won and maintained the trust of individuals #DigitalSuccess @mattr @indusnettech #GDPR
— Chris Smith (@smithcjb1989) May 22, 2018
Simple but important questions about #GDPR were answered as part of the #DigitalSuccess #TwitterChat. It was indeed a great session. We profusely thank all the participants for sharing their thoughts.
We look forward to having more such power-packed sessions in the future on #DigitalSuccess