('I Love GDPR' playlist courtesy of Popjustice (https://open.spotify.com/user/popjustice))
The European Union’s new General Data Protection Regulation (GDPR) is the main reason behind these emails.
“But we’re not in the EU!” I hear some of you say. Well, every single company around the world that has ever dealt with EU residents – or may deal with them in the future – is expected to comply with this regulation from its enforcement date: 25 May 2018. Otherwise, companies may face hefty fines in the order of 4% of annual global turnover, or €20 million (whichever is greater).
Importantly, the concepts of ‘consent’ and ‘privacy’ are cornerstones of the GDPR. From now on, ‘consent’ must be given for any processing of personal data via the use of an easily accessible form in plain language (i.e. as opposed to an illegible ‘Terms and Conditions’ document), and this consent must be as easily withdrawn as it is given. Equally, ‘privacy’ now includes the concept of data minimisation – only the data absolutely necessary for the completion of duties – when processing customers’ personal details.
So, what does this mean for communication professionals? We have the responsibility to advise the business and educate departments such as IT and Legal to ensure that our privacy policies are thoroughly reviewed and updated. Nevertheless, the main purpose of this should not be just to avoid the huge non-compliance fines. Ensuring that appropriate consent is given and respecting the personal data of our customers is the right thing to do from both an ethical and moral perspective.
I personally believe that we should take this opportunity to ‘do the right thing’ and build a better relationship with our stakeholders in the process. By embracing the principles of GDPR, our companies might find a new and powerful way to increase people’s trust and respect, feel more confident, and enhance our reputation in the marketplace.
(These are my own views and opinions on this matter. This article is not intended as legal or professional advice.)
PS. And here's a thought-provoking GDPR case study on Santa's data collection practices.