GDPR, accelerator of your digital transformation
Original text by Alexis Mons, Head of Legal and GDPR at Emakina.FR
GDPR: high time to get ready for the new EU data privacy laws
On May the 25th 2018, EU’s General Data Protection Regulation will come into force. In business language, that’s already tomorrow morning. ‘GDPR’ (or ‘RGPD’ in French) represents a major tipping point for digital data management on all levels, whatever your activities may be.
Hopefully, you are not part of the majority of professionals who just recently discovered the existence of this ‘ominous dark threat’. Several strong signals probably alerted you over the last months:
-1- The invasion of your online screens by law firms and major publishers: all are looking to sell you training sessions and solutions (but your automated eye-brain ad-blocker probably excluded their messages from your radar);
-2- The cries of rejection emitted by a part of the profession, especially advertising people;
-3- The growing momentum in the press: journalists are getting all worked up over the question of personal data,
with some beautiful cases raised to the status of scandal to spice up their stories.
The GDPR is a European directive that establishes a set of rules about collection and exploitation of personal data for all companies involved with personal data of EU residents, wherever these companies are based. Its aim is to protect all EU citizens against privacy and data breaches.
The EU launched a fresh educational website to explain everything GDPR. The subject quickly becomes very serious, with the obligation that someone in your organisation actually takes charge of it. And businesses really need to make sure they don’t fall out of the new legal framework… The legal financial risk is high: up to 20 million euros or 4% of the company’s turnover (whichever is the highest).
It’s all about the people behind the data
The GDPR is great news for European citizens because it simply meets their expectations. And according to studies, it even goes further. But there is work to be done. A recent survey shows that various EU Member States are taking different approaches towards GDPR implementation and derogations, making the topic more complex.
And one study published on 18 October sounds the alarm clock on how businesses are preparing for this new reality. Although 77% out of 200 surveyed European companies are familiar with the GDPR, only 5% believe they are compliant with all applicable requirements.
Even cinema has picked up on the topic of privacy and data and how it affects our lives and society. Of course there’s the ‘Snowden’ film, but there’s also the documentary ‘Nothing to hide’, (see the full film on YouTube). Consumers are not reassured. They want guarantees. It’s just normal that playtime is over.
We have to admit that up until now, the whole topic was a bit of a mess. Objectifying people has always been a questionable thing; summarising people to their easily collected and exploited data is a bad idea. It is unhealthy because it leads to no longer thinking about the customer.
Stop. Objectifying. People.
Why is it a bad idea? Because it makes us forget to ‘client-oriented thinking’. If we really think about our contacts as clients, and if we genuinely care about them, it only becomes logical to be more attentive to what we do with their personal data.
Far from Europe, and as part of their corporate values, Apple leads by example. Just see how the ad world reacts to their latest OS updates. Apple and the GDPR clearly share the same fight to clean up cookies.
If data is as valuable as gold, then you must be very respectful of those who entrust it to you. Never forget what you owe them, otherwise they can come back to remind you of it and haunt you.
Photo: Jon Moore
GDPR, the accelerator of your digital transformation
Think about users, not about data. Why hide in a dark corner observing people to learn what they want? Why not just ask them? And get their real full consent, with a benefit in service as a result?
Within the word ‘beneficiary’ lies the word ‘benefit’. When the GDPR requires to obtain clear consent, it forces you to pair a real gain with each byte of data collected. This forces you to think what the experience really is and what it is worth to the client. So we all have to add value to the actions we ask from our customers and offer them a good deal. In short, we need to treat them as real, equals stakeholders.
The GDPR is a magnificent instrument of digital transformation.
It forces us all to use ‘client-oriented thinking’. It pushes us to integrate the customer as a stakeholder in our business. It requires sharing clear indicators, and putting data at the service of a shared service value. With the GDPR, your digital platform will become truly client-oriented.
A matter of style
The GDPR is much more than just a legal or a software issue. It’s a matter of style, a question of what your company should embody today. You can be a real modern organisation, embedded in digital and carrying strong common values with your customers and all your stakeholders. An organisation that builds on transparency and capitalises on the confidence in the ecosystem that carries its actions.
If the GDPR scares you, it means that you are not at that level (yet). For too long, data has lived in the shadows, it is time for it to express itself and shine bright in full light. No business data without data ethics. That is the question.
The clock is ticking… We have almost 200 days left before the GDPR is the new rule!