Data: The World’s Most Valuable Resource
In 2017, The Economist labelled personal data as “the world’s most valuable resource”. Our online footprint is a prized resource. For companies, this abundance of personal data directs the way they communicate with their consumers.
However, with great power comes great responsibility. In the wake of the Facebook privacy debacle, consumers are beginning to demand more transparency on how their private data is being used and stored. They fear that their data is not being used responsibly.
This fear is well placed — 41% of marketers admit to not fully understanding the law and best practice around using consumer’s personal data. In response to this lack of responsibility and regulation, the EU has come up with a solution: the General Data Protection Regulation (GDPR).
What is the General Data Protection Regulation (GDPR)?
On May 25, 2018, GDPR will take effect in the EU. GDPR is applicable to any business that uses the personal data of European Union (EU) citizens. While this new statute will affect many departments and areas, it will change the way marketers strategize their campaigns. By simplifying existing data protection laws, the EU is prioritising the protection of individual data, thus giving consumers more control over their shared information.
Alarmingly, according to a survey led by Symantec in 2016, a significant amount of businesses in Germany, France, and the UK are undereducated about GDPR. A staggering 91% of respondents had concerns about being fully compliant, while only 22% made compliance by 2018 their top priority.
How GDPR affects marketers in Asia
It’s concerning that European businesses are so unprepared—should marketers in Asia be ready for a change as well?
Yes. Any company that has a web presence will have to take measures to comply. According to Article 3 of the GDPR, if you collect personal data from someone in the EU, you fall under EU jurisdiction. However, if the EU citizen is out of the EU when data is collected, the GDPR does not apply.
Target marketing is also affected by the GDPR. Opposed to generic marketing, target marketing focuses on a specific group of consumers. If the marketing of a site or campaign is in the language of an EU country, or references EU customers, then it will be considered within the scope of GDPR. In summary, if your company has online connections within the EU, it’s time for a review.
Time for review
To start off, online interactions directed to the EU market will have to contain clear customer consent. The GDPR states that consent must be “freely given, specific, informed, and unambiguous.”
Let’s say you’re looking to collect email addresses. When the consumer submits their email address, there must be a clear statement detailing your intent with this data. The consumer must explicitly agree to this. To comply, pre-ticked checkboxes won’t cut it anymore.
The GDPR also ensures that consumers can access their personal data and remove consent for use. Companies must also focus their data and prove why they need certain information from their customer. Once the data is collected, companies will have to protect it under the GDPR’s rules.
In the event of a data breach, it will have to be reported to an EU regulator within 72 hours of being detected. In 2016, Uber took a massive hit when hackers stole the personal data of 57 million users and drivers. They managed to cover up the breach for more than a year through payments to the hackers. With GDPR, this would not be tolerated.
The consequences of non-compliance
Non-compliance can lead to dire consequences. The maximum fines for GDPR violation are set at 4% of a company’s global turnover, or €20 million—whichever figure is larger. This proves how serious the EU is taking data privacy. For larger companies, the penalties would be a minor inconvenience, but for smaller companies, they can be enough to sink the ship.
A new normal
The GDPR is a step in a new direction for data collection and privacy. After May 25 this year, consumers in the EU will be able to take over the reins on where their data goes, and demand more transparency on data processing. While this is a pain to adhere to, the GDPR ushers in a new era where consumer’s interests are prioritised.