We spend the vast majority of our time supporting SME businesses who rely on us to provide them with recommendations, observations and thoughts on how to continue building their businesses and their brands. One of the most significant subjects has been the new GDPR (General Data Protection Regulation) and in particular the matter of consent.
In January 2017, we ‘kicked’ this subject around for a good couple of months whilst we assessed (as best as we could at that time) how much needed to be done to remain compliant. It soon became clear that these firms could choose to follow hundreds if not thousands of other firms and do nothing (believing they were already compliant), or to take the proactive step of being seen as early adopters and embrace the Regulation as a real business differentiator, that I believe it is clearly going to become.
To establish how we would manage consent, we first had to audit all the customer data entry points and the existing data management software (as well as conducting a review of the external partners that they shared this data with, the process used for data cleansing, whether to archive by applying dormancy rules and when, as well as matters relating to Subject Access Requests and how efficiently these could be fulfilled).
It was decided that this would be a significant task and one that if it were to become a business differentiator we would need another piece to truly take the whole process one stage further than any other because of information we’d learnt through our first six months of research.
GDPR revolves around transparency as a key part of the Regulation and requires that all businesses no longer ‘bundle’ consent, in other words gaining consent for one area e.g. the warranty period after a purchase, and then applying those consumer details as being consent for every type of communication such as special offers across increasingly regular frequency.
Added to this were some members of the legal profession that were beginning to raise their concerns about any consumer who was ‘encouraged’ to sign-up for receiving special offers or lose out as potentially not giving their consent ‘Freely’ and in an unambiguous manner. To overcome this, we’re developing a ‘Traffic Light’ process for sign-up which by its very nature provides each and every consumer with a free choice for consent. The traffic light system meets GDP Regulation because it’s transparent, it makes it clear what processing of personal data our clients intend to do, and therefore provides clear demarcation between each set of processes and the communications associated with each.
If you’d like to chat with us about the traffic light system which places the customer at the centre of your business transparency and growth, or if you’d like to speak to us about any aspect of GDPR, we’d be delighted to hear from you.