Did You Say GDPR?

Digital, Featured 2018-04-27

In May, the General Data Protection Regulation (GDPR) will affect how companies handle customer data. Our planning intern, Flovia Busato, discusses what the regulation is and how it will affect businesses.

Since the launch of digital and social media, the perception of brands and products has completely shifted. Prior to this, companies were focused on the product, whereas now there is more emphasis on building strong relationships with clients. In Philip Kotler’s latest book, Marketing 4.0, he confirmed that it is no longer about the AIDA model: Attention, Interest, Desire and Action. The customer path has changed, and now we have to deal with the 5A’s – Awareness, Appeal, Ask, Act and Advocate – fitting perfectly with the customer journey of today.

Since we use data in our strategies, this new approach to marketing has emerged for a simple reason: the better you know your customer, the more likely it is you can give them what they’re looking for. Indeed, when you can offer what the customer wants, their brand loyalty will increase. This is the reason that personal data is so important to companies; it holds the key to the best customer experience.

However, the big question now facing clients is: “What do brands really do with my data? Do brands use it to build a better customer journey for me, or will they sell my data on to other brands?”

These questions currently remain unresolved. But the new European privacy regulation, the GDPR (General Data Protection Regulation), which will come into force on May 25th, will answer these concerns.

With the GDPR date fast approaching, companies across Europe are wondering how to change their data processes and policies accordingly, and how to inform their collaborators of the changes.

That’s why, after consulting plenty of blogs and official documents, we are providing you with the full Notch run-down, explaining exactly what you need to know about GDPR.

First of all, a quick definition:

Put simply, the GDPR is a legal framework that sets out the principles of data management (for example: collecting and processing sensitive data) and the rights of the individuals within the European Union.

What does “sensitive data” mean?

This term refers to personal data – all information that can be used, directly or indirectly, to identify the person. This includes a person’s name, photos, email addresses, bank details, posts on social networking websites, medical information, or computer IP address.

Who is affected?

The GDPR will have a global impact. Every sector that processes the personal data of EU residents must adhere to these regulations. With regard to the latter, some B2B marketers do not believe their sector will be impacted because the GDPR did not specify whether it is about B2B or B2C data. However, if the data states the person’s name, address or number, then this confirms the processing of personal data and the GDPR will apply.

The data subjects’ rights:

[Infographic: the data subjects’ rights under the GDPR]

Controllers and Processors

Because of these new regulations, companies must think about creating new roles to control and process all data. These will include:

Data Controller – someone who determines the purposes for which and the manner in which any personal data are to be processed.

A data controller is responsible for the purpose of the data, controls why and how data is processed, and ensures that all personal data for which they are responsible complies with the Act. Contact must be maintained at all times with the Data Processor to ensure that they follow the controller’s instructions and comply with the GDPR.

Data Processor – any person who processes data on behalf of the data controller.

A data processor may store data, carry out market research or even be a payroll company. A record of the processing operations must be maintained at all times, and security measures must be put in place to prevent data breaches. If this data is vast or sensitive, a Data Protection Officer must be employed.

What is a “personal data breach”?

A data breach is an action that impacts the security of the customer’s personal data. This includes loss, alteration, destruction or unauthorised disclosure of data, either accidental or deliberate. When a Data Controller notices a breach, action must be taken within 72 hours to report it to the Information Commissioner’s Office with the following information:
– A description of the personal data with the categories and number of individuals / personal data records concerned.
– A description of the data breach with the real or predicted consequences and the measures taken.
– The contact details of the Data Protection Officer or the person who can share the information requested.
Additionally, if the data breach poses a high risk to the rights and freedoms of an individual, the company must inform those concerned as soon as possible.

Why it is important to comply with the GDPR:

Whether or not an organisation wants to be GDPR-compliant, the regulation stipulates that fines of up to 20 million Euros or 4% of a company’s global turnover can be issued. This threat alone emphasises how prepared companies must be and stresses how important it is that internal operations and processes are organised well in advance of the deadline of 25th May 2018. If you are looking for further information on the imminent GDPR regulations, we have listed some useful links below.

ICO – Key definitions of Data Protection
ICO – The Rules around B2B Marketing and the GDPR
SuperOffice – What is GDPR?
ICO – Preparing for GDPR
Microsoft – GDPR – an opportunity
Bird&Bird – A guide to the GDPR
ITPro – What is GDPR?