Is GDPR the devil himself? A different approach to the new Regulations.

in business •  6 years ago 

I do not think there is anyone out there who has not heard about the European General Data Protection Regulation (GDPR). The GDPR consists of a multitude of regulations that define the right way to handle the Personal Data of European citizens, and all companies based in Europe or providing their services to European citizens have to comply with it. If they fail to do so, they could face heavy fines that can reach tens of millions of euros!

It is well understood then, why there is so much "buzz" around this legislation that has already been in force since May 25, 2018. All we see these days is freaked-out businessmen who have no idea or proper guidance on how to comply with GDPR, and sleep-deprived developers and marketers (including me of course) who instantly get migraines when hearing that "forbidden" word!

The GDPR's many ambiguities result in endless interpretations of this law. I, personally, have yet to meet two people who agree with each other. As a result, the difficulty of complying with the GDPR as a business has monopolized the conversation these days. But are we overlooking an important parameter?

Is GDPR so bad after all? 

We need to divide the question into two sections, according to the interested party. On the one side, there are the companies plus the related professionals (employees, web developers, marketers, lawyers, DPOs etc.), and on the other side there are the... people. Ordinary people like you and me, irrespective of profession, whose personal data the GDPR came to protect, putting an end to its misuse by the various companies!

GDPR for Citizens 

Following the scandals that have been revealed worldwide lately, we had to face the ugly truth that our personal data was a toy in the hands of many companies. They retained more data than needed to provide us with their services, processed our data, used it for advertising purposes, sold it or exchanged it with other companies. And all of this was done behind our backs.

The GDPR is a positive step towards avoiding all these practices that violated our rights. Nevertheless, it is just a step, and it's a long road to real transparency in the handling of our personal data.

Therefore, according to GDPR, the following rights are guaranteed to all European citizens:   

  • Each company must inform its customers in great detail which personal data it retains, how it uses them and why.
  • Personal data belong to the citizen they concern. This means that European citizens have the right of direct access to their data, as well as the right to withdraw them completely from one company and transfer them to another.
  • The citizen has the right to be forgotten and to have their data erased upon request, with the company being obliged to comply (there are exceptions depending on the type of company, e.g. a bank, or on the nature of the data, since an invoice cannot be deleted before a specified time period expires).
  • If a user's personal information is hacked, he/she must be notified within 72 hours.
  • Companies are forbidden to use clients' personal data for marketing purposes, or even to export Insights, without the explicit consent of their clients in written or electronic form (with a checkbox that is not pre-ticked).

All of the above is great news from a citizen's viewpoint, as his data are treated with the respect and transparency he deserves.

GDPR for Business and Professionals 

Unfortunately, GDPR caught the business world unprepared. Even responsible organizations such as the Greek Personal Data Protection Authority or online platforms such as WordPress, Joomla, Google, Mailchimp etc. failed to inform the public in good time or to provide the appropriate GDPR-compliance tools early enough, rather than in the very last days before the deadline. According to estimates, only 2% of Greek businesses are currently fully compliant with the GDPR.

Nevertheless, there is no need to panic.   

Obviously, a company's compliance procedures with the GDPR should be completed as soon as possible but, according to informal statements, there would be an adequate period of "grace". In case of non-compliance, the Data Protection Authority will first issue a Warning. After the warning, a Reprimand will follow and then a Suspension of Data Processing. If the company fails again to comply, then a Fine of up to 20 million euros or 4% of total annual turnover will be imposed (whichever is greater).

The goal of the European Union is to protect the privacy of its citizens and not to destroy your business as of May 26th. 

So take a deep breath, calm down and turn to GDPR-informed lawyers, developers and marketers to help your business comply with the GDPR.

Having overcome the initial panic and being in a position to think more calmly now, a new question pops up. Could this GDPR compliance procedure bring any benefits to your business?

1. The transparency of Personal Information handling procedures will boost customers' trust in your business.

Those of you who attended our latest webinar on "The Hard Truth About Acquisition Costs (and How Your Customers Can Save You)" will remember that, according to HubSpot, customers' trust and, by extension, loyalty to your business, is the primary factor that will determine business growth in the long run.

If there is a feeling of security and respect for privacy, this will improve the customer-business relationship. If shadows start to appear, then it is very likely that your customers will jump to the ship of a competitor they trust more. GDPR is an opportunity to start a brand new and improved relationship with your customers. Those who treat the new regulation purely as an obligation to place a simple checkbox under forms or at the bottom of their website will be left behind by the competition in the long run.

2. It's an excellent opportunity to improve the quality of the target audiences of your advertising campaigns.

Over time, a business accumulates the data of a large number of customers, a percentage of whom are no longer interested in its services or products. Nevertheless, most insist on spending energy or money to promote their campaigns to people who are not interested. The most typical example is the endless list of emails used for email marketing. GDPR requires businesses to regain explicit consent from the customer in order to continue using their email for promotional purposes. That's why our inboxes are overflowing with hundreds of emails that kindly (or not) ask us to renew our subscriptions to various services' newsletters.

Yesterday I attended a meeting involving many developers, marketers and businessmen in Thessaloniki to discuss and share our first experiences with the GDPR implementation. The percentages of customers who re-confirmed their subscription to the newsletters were tragic. Many reported percentages of around 5%, while 10% was considered a very good retention rate. The biggest number that was mentioned was 19%. However, these percentages were interestingly very close to the percentage of recipients who opened the newsletter in pre-GDPR campaigns.   

Obviously no one wants to see his email marketing list shrinking down to 10%, but the cause of the problem is that only 10% of the list were really interested in the company's services or products. Isn't it predictable that only interested people will renew their subscriptions? Not only predictable, but also desirable. A list of just a thousand people where every single one is interested in your services is better than a list of a hundred thousand who are 95% indifferent. Those who stayed are either loyal customers or highly likely to become future customers, so the marketing team is now able to improve its targeting efforts and allocate its resources more efficiently!

3. A transparent process of managing Personal Data, plus the increased security measures implemented, will make citizens more willing to share valuable personal data as long as it makes their lives easier.   

If I'm sure that my data are safe and I can erase them at any time if I want to, then why not give them to a company such as PayPal, Uber or HubSpot whose services will make my life so much easier in so many cases? If you manage to make your customers feel safe and willing to share their personal data with you, then you will be able to upgrade the services you offer, as they will be a perfect fit for your customers' needs. This leads to a better experience of interacting with your company and increased customer loyalty. It's a win-win!

Summarizing…

Although the new European General Data Protection Regulation (GDPR) contains quite a number of ambiguities and deficiencies, it is remarkable progress in terms of transparency in the handling of Personal Information.

At first, it seems that regular citizens are the only party favored, but that is not the case, as compliance with GDPR opens up new horizons for a more transparent, trusting and efficient relationship between businesses and their customers.   

If you are a citizen, be sure to get informed of your rights and if you are a business owner, contact GDPR-specialized professionals who will advise you on how to comply with the GDPR!

Thanks for your time!



Welcome, Thodoris!
I actually believe that GDPR is for good, we should respect and not fear it.
Thanks for your article!

Tnx for your feedback Katerina! I agree with you, GDPR is good for both customers and businesses. :-)