As companies, and marketing organizations in particular, seek greater insight into customer behavior in order to sell more goods and services, governments are acting to protect the privacy rights of the public. GDPR is here. What does all this mean for companies and, in particular, to chief communications officers who are charged with protecting their companies’ reputations?
- Nuala O’Connor, President & CEO, Center for Democracy and Technology
As of May 2018, with the entry into application of the General Data Protection Regulation [GDPR], there is one set of data protection rules for all companies operating in the EU, wherever they are based.
Stronger rules on data protection mean:
- People have more control over their personal data
- Businesses benefit from a level playing field
What are the key issues?
- The deadline for GDPR compliance, combined with revelations of data misuse by Cambridge Analytica via Facebook, has raised awareness and concerns about data and privacy among consumers and companies alike.
- O’Connor cautioned not to focus on the technology, but on the human component: “Privacy is about people, not about data or servers, systems and the internet ‘tubes’ … Do I recognize you as fully equal and all of your complicated and complex self, or do I reduce you to a small version of who you are, one data element about you.”
- O’Connor also predicted the U.S. will pass a comprehensive GDPR-adjacent law of its own in five years: “Europe is way up front on this, but people in the U.S. are concerned and most of the big tech companies are based in the U.S. We need to show leadership that is compatible, but slightly simpler than GDPR.”
O’Connor explained that public concerns about data management and privacy have risen as people have realized their data is being used for purposes “far afield from the original transaction.
“People want to know that they get to decide – that the machine is not choosing for them.”
What should companies do?
- If the standards are simple, know what you’re collecting, keep it safe, delete it when the customer asks you to or you’re required to by law.
- Pose the question internally, “Are we serving the needs of the customer and the community?”
- Look to industry examples – LL Bean, Apple, and Amazon have all worked to be good stewards of their customer data.
In her own words:
“People don’t mind the collection of data if they get what the value proposition is.”
”Without a doubt, the issue of privacy and data use by companies has permeated in a way that I haven’t seen in more than 20 years. People feel hopeless, that there isn’t anything they can do, and suitably angry.”
“Sharing data is the cost of doing business in this day and age, and people want to be on these platforms like Facebook. But they want to know their wishes are being respected, and that the company is a good steward of this information.”