At the end of May, the balance of power will shift towards consumers when thinking about how companies store and use their personal data. The new GDPR rules mean that companies will need to change the way they handle data or face serious consequences.
Over the last few days, the news has been full of headlines about how Facebook has shared data on its users with Cambridge Analytica. One product of this story will be an increased focus on privacy and data handling, and just in time, a European privacy law is arriving that will restrict how personal details are stored and used.
From May 25th, companies will need to be clear and concise about how and why they collect personal data, and what they use it for. Consumers will be allowed to access data that companies store about them, correct inaccurate details and have the right to limit data used by algorithms.
It’s a European law, protecting individuals in 28 member countries, even if the data is processed elsewhere. That means GDPR will apply to all of the global tech companies that store your data and track you across the web.
Penalties for failure to comply are high, with up to 4% of a companies turnover at risk if rules are breached. The first litigation in this space will be very interesting.
So what does GDPR mean for Customer Teams?
GDPR impacts any organisation that handles personal data, pretty much every business will be affected. Customer facing teams will need to be highly prepared and aware of the risks. Typically, the kind of data controlled by GDPR is stored in your CRM or Incident tracking system, which needs to be able to collect and store data in a compliant way.
Here are my thoughts on how to approach this:
Across the company – top to bottom, GDPR counts!
Firstly, it might be that Customer Service is at the frontline of this problem, but GDPR concerns the whole company and needs support from the top to the bottom. Engage the key stakeholders from across the business, including the boardroom and ensure that everyone understands the impact and potential penalties for not complying.
Know your data
Spend time really wallowing in your data. You would do it (I hope) to solve a customer journey issue or get insights from your customers – but now you need to really understand WHAT data you are collecting, how it is used and who has access to it. Only by completing this exercise will you truly know the issues you need to tackle.
This takes effort and real man-hours to do, but in doing so you’ll set yourself up for success.
Know the GDPR rules, know who can help!
GDPR applies even in a small business where customer information is held in a database. Given the risks of non-compliance, it seems logical that if you find issues you’ll need to solve them quickly. However, if you don’t feel you have the knowledge or support it may be worth going out to find some expert assistance in the problem. There are plenty of resources online, but my recommendation would be to start on the Information Commissioners Office website and work from there – all the appropriate rules and regulations are there.
The GDPR rules come into play at the end of May, and with attention currently heightened there will be no shortage of people testing the rules during customer interactions. I think there may also be ‘bad actors’ who think that exploiting the regulations would be a good way to do reputational or financial damage to companies.
Whilst these concerns may seem remote, they are also very real. It’s time to get working on your GDPR compliance strategy.If you are starting to think about GDPR now, it's time to really drive hard to get ahead of the legislation coming in at the end of May. Click To Tweet