Michael Sturrock: New rules on data are good business practice

Well, the day is finally here. For those who have worked on the creation and implementation of GDPR since 2011, it probably won't seem real '“ until the first GDPR ­question of the day arrives into your inbox, at least.

The new regulations on data may be a headache for many businesses  but there are opportunities in thinning out mailing lists and databases to better target customers, says Michael Sturrock
The new regulations on data may be a headache for many businesses  but there are opportunities in thinning out mailing lists and databases to better target customers, says Michael Sturrock

Well, GDPR day is nearly upon us. While some naysayers claim it to be data management armageddon, in reality GDPR is about asking organisations to be transparent and honest about how they collect and use customers’ data.

While there are many practical compliance points to GDPR that require adherence, overall, it is a principles-based piece of legislation.

Sign up to our daily newsletter

The i newsletter cut through the noise

It may well be the case that it is only you who can judge your level of ­compliance. Showing your ­working and keeping customer interest at heart will help you judge what you are doing right and wrong.

It’s important to remember that GDPR is, in fact, needed. Direct ­Marketing Association (DMA) research found that 88 per cent of people in the UK want more transparency around how their data is used. That such a large majority are of this opinion shows us that GDPR will help to perform a very ­necessary function: building trust.

Building trust is essential not just for consumer benefit, but for ­business too. We all know that ­consumers don’t use brands they don’t trust. The opposite is also true: brand-customer relationships based on trust are those that last longest. These new laws offer an opportunity for organisations to put the consumer front and centre of their company’s culture.

In knowing that trust is vital, the GDPR asks organisations to be accountable. The collection and use of data must be documented and justified. Companies also need to be clear about why they need the data and how long they are going to keep it. A hassle? For now, maybe.

Good training and effective ­processes should make the practice second nature in the long run. ­Ultimately, the privilege of ­having customer data comes with the responsibility to use it fairly. Privacy should be embedded in the design of every company process – not as a post hoc add-on.

Customers should see the ­benefit of giving their data to a business. That may be as simple as informing them that you require their data to fulfil their purchase options. Giving more data on their part might also entitle them to receive news about similar products or to get access to special offers.

Too many organisations believe GDPR will prevent them from ­getting accurate and relevant data from their customers by giving consumers too much power to withhold information. Yet, we know that consumers like proposals that are tailored to their needs. There is no reason to believe consumers will withhold their information from brands they want to hear from. The hard truth that brands need to face is this: if ­customers don’t want to hear from you, they probably weren’t going to buy from you anyway.

This should also be taken as a ­positive. By thinning out customer bases, you can better target your ­communications and get helpful insight about the advertising that has or hasn’t worked.

It’s also important to remember that technology increasingly relies on data to operate. Our smartphones, smart home devices and all other forms of artificial intelligence rely on our data to perform their functions. Yet if we don’t trust Alexa, she’s not going to be around long.

Again, it’s clear that the element of trust is key to the success of business-consumer relationships. The focus on privacy and accountability means GDPR has the longevity needed to maintain relevancy in a fast-moving world. Those which work with the ­legislation and adopt privacy and trust as brand values will be those which survive in the long run.

The DMA has been coordinating with our thousand-strong membership to help them prepare for GDPR implementation. Our extensive ­consent and legitimate interest guidelines—for which ICO Commissioner Elizabeth Denham wrote the foreword—are available on our ­website for all to use.

Today is just the beginning for the new data privacy laws. The DMA will work with its members and the ­wider industry to support their needs in data privacy; whether that be working to increase sector-compliance or promoting our interests in Holyrood, Westminster and Brussels.

Michael Sturrock, external affairs executive, DMA.