Skip Fidura, strategy & insight director at online marketing firm dotmailer, discusses the post-GDPR landscape and how businesses must keep their customer at the forefront of their mind.
It is now several months since GDPR came into force, and as marketers continue to map the seemingly endless intricacies of the new regulation, it is worth taking a step back and reminding ourselves about who we are doing this for: the consumer.
For any business with customers in the EU – no matter the size, scope, or region – the new regulation reflects the increasing value that is being placed on consumers (and their data).
It aims to reassure consumers that their data is being stored, shared, and used responsibly and according to their wishes.
But, with a steady stream of data breaches still hitting the front pages – most recently in the case of British Airways – there is a worry that GDPR is not achieving its stated objectives.
Considering this, it is important and necessary therefore to look at one of the key requirements and foundations of GDPR compliancy: adhering properly to the ‘consent’ of the consumer.
Under GDPR, ‘consent’ is defined as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Businesses will, therefore, need to, first, inform individuals of exactly how they plan to use their data, and then, secondly, ensure they get clear, unmistakable permission to do just that.
Taking a Closer Look
To understand this in more detail – at least for the benefit of a marketer – it is necessary to take each condition of consent as set out in the text of GDPR:
“Must be freely given”
Consumers should have genuine choice and control over how an organisation uses their data, and consent must be unbundled from other terms and conditions. In the words of the Information Commissioner’s Office (ICO), “consent cannot be a precondition for a service unless it is necessary to deliver the service.”
Organisations must clearly explain exactly what people are consenting to in a way they can easily understand; no legal mumbo jumbo (unless of course you are targeting solicitors!).
The request for consent must be detailed: organisations should clearly identify themselves as the data controller, clarify each processing operation they will be performing and collect separate consent for each (unless this would be “unduly disruptive or confusing”). Moreover, organisations must describe the reason behind each data processing operation and notify people of their right to withdraw consent at any time.
It must be clear that the person has consented and what they have consented to with an affirmative action (i.e. no pre‐checked boxes). Nothing can be presumed; therefore, silence would not be a valid form of consent.
As well as those details above, it is also important to take note of individuals’ rights, such as the ‘right to be forgotten’, where the data subject will be able to have all their personal data deleted (i.e. ‘forgotten’) when they no longer want to have a relationship with a brand.
A challenge and an opportunity
By ensuring consent, marketers and businesses can look to create more fulfilling and informative relationships with their customers. And though GDPR does more tightly define what constitutes consent under the law, an honest and transparent approach has been hailed as best practice for many years – it is just now that businesses are, by law, obliged to comply.
It is also important to note, that when using consent as a legal basis, organisations must be able to demonstrate if and when consent was given. Reviewing the systems and process you have in place for recording consent is also imperative, particularly to ensure you have an effective audit trail.
Remaining and sustaining GDPR compliancy is no easy feat – but, if anything should be adhered to, it is ensuring your organisation has proper consent from its customers. After all, it is not just your back you need to cover, but the consumer’s also.
Our BQ Bulletin emails will land in your inbox at 7.30am, Monday to Friday, with a mix of the latest local business news, national news, and features to inspire you. Sign up here!
Click here to read our privacy statement