A Preview of How The EU Data Laws Will Apply to Your IT Department
A recent Computerworld article highlighted the important issue of how the forthcoming EU data law will affect IT Departments here in the UK. The article was based on a look at the unreleased document upon which the new regulation will be based, rather than on Information Commissioner’s Office (ICO) speculation.
The General Data Protection Regulation (GDPR) may not actually come into force until as late as 2017. The regulation will, however, mean more stringent compliance standards for the way in which your company deals with customers’ contact data. This could mean having to contact every consumer on a database to upgrade opt in permission in order to meet the new ‘opt in’ standards.
Although opt in will be based on consent being ‘unambiguous’, the new consent level required has in fact been watered down by the EU Council and Commission from the original, more stringent measures suggested by the European Parliament.
Opt In Permission - Like Traffic Lights
To use an analogy, it is thought that getting opt in permission from customers to send them information will work like a traffic light system. If you would like to send information about a specific subject (e.g. a product / service) to a customer through a certain communication channel (e.g. email), consent must first be sought and gained. If you would like to convey information about a different subject to that same customer at a later date, it will be like reaching another set of traffic lights, i.e. you have to seek permission again!
No Facility in Current CRMs
One of the implications here is that your data will need to be kept up to date for consent. This could mean that you will need to produce and store individual consent forms in every case. For the IT Department this means that a CRM, or an addition to the CRM, will be needed that offers this facility, as it is unlikely that many, if any, current CRMs provide it.
Current CRMs may also not be up to the job of compliance with data removal requests. Under the new regulations, IT Departments will have to make sure not only that the contact point for requesting that information be erased is easily identifiable, but also that the mechanism behind this action is fast and efficient.
Heavy Penalties for Non Compliance
Failing to comply with the new regulations could present too great a risk for most IT Departments because the ICO has declared that the penalties will be substantial. Even though companies who genuinely want to become GDPR compliant will be given some leeway to put things right, all the signs are that token actions won’t count with the ICO. There may also be a right for consumers to seek individual compensation for misuse of data.
Even If Not In The EU
Even if the UK is not an EU member in a couple of years’ time, it will still benefit from trade agreements and will therefore still have to abide by many EU rules, which may include the GDPR.
IT and Marketing Working Together
It is clear that IT and Marketing Departments will need to work closely together and manage their own compliance tasks. This could mean that they will need to seek outside help such as compliance consultants as well as nominating individuals within their departments to be responsible for leading the change. One important job will be to stay up to date with, collect, and share information about the GDPR so that all relevant staff have a clear understanding of it.
The IT Department and other departments will need to have a schedule for regular reviews to make sure that the compliance standards are being met rather than risking massive fines / sanctions and massive changes at a later date due to non compliance.
Look on the Bright Side
Yes, it does look as though trying to be GDPR compliant will involve new challenges, increased costs and a considerable amount of work. However, it could also be an opportunity to get back in touch with prospects and customers and create new dialogues that could give you more sales information or even trigger more sales.