One of the key themes to come out of World Telemedia Marbella was GDPR. While the subject was formerly addressed by UK trade body aimm at the show, it is a pan-European issue that is set to affect everyone across the telemedia community.
GDPR seeks to harmonise and revolutionise data protection rules across Europe and as such means that all records you as a business keep of customer data must be kept for a justifiable reason. If not the fines are enormous and potentially company-ruining.
With such high stakes you’d think that people would be taking this very seriously indeed. But it seems that they aren’t. According to the latest research from the DMA, one in seven companies aren’t ready for GDPR. The majority of marketers surveyed believe their organisations are on track (56%) or ahead (4%) in their plans to be compliant by May 2018, with a further 17% falling behind their current plans – up from 11% in May 2017.
The latest edition of this research, now running since June 2016, shows how awareness and preparedness has risen. Eight in 10 marketers (77%) now rate their awareness as ‘good’, while 74% described themselves as feeling somewhat or extremely prepared for the changes. However, when asked about the preparedness of their organisation, this figure dropped to just 58% believing their business was ready for the changes. This is despite 85% of businesses having implemented their plans for GDPR, which is more than ever before.
Chris Combemale, CEO of the DMA Group, said: “The GDPR is a watershed moment for organisations to make data protection a core brand value, placing respect for privacy at the heart of their brand proposition. We should use the new laws as a catalyst to transform the way we speak to customers, making every engagement human-centric. This will enable organisations to build trusted, authentic and transparent relationships with their customers.”
This is troubling as consumers already seem to be lining up to take advantage of the power to be forgotten that GDPR puts into their hands. New research shows that 9.58million UK mobile phone subscribers may submit a Subject Access Request (SAR) to their network provider after the General Data Protection Act goes live in May 2018.
The research, conducted by Exonar, a leading provider of General Data Protection Regulation (GDPR) data mapping and data inventory solutions, set out to identify what people know about how their privacy rights will change in May 2018. The findings showed that 70% of people have no idea about the changes. However, once GDPR and the term SAR was explained to them, 57% said they would raise a SAR. Among the companies people will target are their mobile network provider in 11% of cases.
So what can you do? As this week’s video shows, one starting point is to talk to aimm – no they aren’t legal experts but they can put you in touch with those that are and can start to ramp up your process.
If you have a warehouse full of paper records dating back to the 1980s, you might be better off shredding and burning them – unless you have a very good reason to keep them and can explain that. As to more recent records, this is where the problems begin. You need some of your records, but not all. In the age of the single view of the customer, this is problematic: what you have may be useful to you, but may not be justifiable under GDPR when it comes into force.
So what can you do? The key is to again take legal advice and then redo all your single view KYC again. Costly – but ultimately cheaper than getting a massive fine. Good luck.