04 Dec What have we learnt from GDPR?
Over 6 months have passed since GDPR came into force. We take a look at what we’ve learnt since then and what changes need to be made to ensure it continues to be fit for purpose.
It’s been 6 months since the big bad GDPR wolf came knocking at our doors. Promising to revolutionise how our data is handled, the biggest impact it’s had on everyday Internet users is mild RSI from constantly clicking that cookies consent button. Like the millennium bug, businesses big and small alike envisaged a gorgonite crashing down of the ICO upon all who dared, intentionally or accidentally, to break the rules.
Whilst the ICO has seen an increase in data breech complaints following the introduction of GDPR, for most small businesses, the impact has been less widely felt. We had a discussion in the WDC offices and came up with the following thoughts…
Most of us do it anyway
As a small business, we decided to undertake our own GDPR audit. Admittedly, when we first heard about the impending change we panicked at the prospect of what becoming GDPR compliant would entail. In truth, most of the requirements were already been done by those conducting good businesses practices, anyway. Deleting unnecessary information, obtaining correct consent and storing sensitive data in a responsible way were all undertakings that those of us committed to customer satisfaction and security had been practising well before GDPR came into play.
Businesses need to work smarter to retain clients
Who can forget the absolute tsunami of ‘Please Confirm Your Subscription’ e-mails we received up until the eve of GDPR. Each one, like a desperate lover’s attempts to win you back, reading more begging than the last. For companies that retained our newsletter custom, simply sitting back and churning out the same content as before simply won’t wash. Consumers now have the power. With the stipulation that all marketing emails must have a single opt out system in place, leaving a mailing list has never been easier. Because of this, businesses must find innovative and creative new ways of communicating that make people want to stay. Personalised e-mails with targeted and ‘bespoke’ pickings are becoming increasingly popular. They suggest a personable approach to an organisation, one that is vested in providing you with your own personal products and services- an increasingly important factor for businesses, especially those who have no physical high street presence, to consider.
There are still a number of grey areas
Whilst the ICO have attempted to cover all areas of compliance, there are certain aspects that remain a little cloudy. Photography, for example, is still causing a headache for communications teams. Unlike Europe, UK law states that photography of any individual is permitted in public spaces without their explicit permission. For marketing teams using photography databases, many have been concerned that images of beaches, castles or events may no longer be fit for use under GDPR rules. Arguments over data subjects and biometric data suggest that any photograph by which an individual can be identified should not be used, but how far should communications teams take this? And who do they turn to for advice?
Our Final Thoughts
As a whole, we believe it has had a positive impact, even if that is only by means of smaller businesses thinking more consciously about their data storage and usage practices. As time progresses it’ll be interesting to see how GDPR evolves and whether our exiting of the European Union has any bearing on UK business practices and behaviours going forward.
What are your thoughts? How has your business found the shift to GDPR? Let us know!