As security breaches and the misuse of data once again dominate the headlines, the world of “Big Data” has had it’s giant heavily guarded vault doors blown wide open for the general public to see just how murky and nefarious this world really is.
The volume of personal data that is out there sat on servers all over the world is astonishing, and if people only knew the half of it, there would be a far greater public outcry than what we’ve already witnessed.
Obviously not all organisations in this space act immorally or against the interests of the public, but there are bad actors at play here that are exploiting their level of access to data to serve their own interests and ignoring the detrimental effects to the audiences/users/customers they’re taking advantage of.
Too many organisations have forgotten that access to data is a privilege, not a right, and its one that has been abused beyond belief.
Say hello to GDPR
This is why that as the General Data Protection Regulation (GDPR) deadline looms, the need for reform and regulation has never been clearer, particularly in the media and marketing industry, which sadly has a terrible reputation when it comes to the misuse of personal data.
As a Director of Marketing and Media Strategy and having been recently appointed Data Protection Officer (DPO) at Dialect, even I have been shocked at the sheer level of data we have at our fingertips. We work with big international clients and as a result we obviously have access to large volumes of data. But looking beyond that, data is gathered from just about everything we do, from accounting tools to content management systems, ad exchanges to analytics platforms, CRM systems to communication tools, and this is before even looking at the suppliers who operate on our behalf when, for example, delivering media inventory for campaigns or doing something as simple as supplying admin or HR services.
The data audit process that I’m currently going through has been eye-opening and has truly given me a sense of just how vital data has become in today’s world of commerce and enterprise. But also how powerful that data can be be if harnessed in certain ways.
GDPR represents a paradigm shift. A new way of how we view and value data but also how we obtain it.
The most important aspect of GDPR is consent. To obtain the personal data of EU citizens as of the 25th May 2018, you will have to gain explicit consent from them to be able to do so. Not only will you have to gain consent, you will have to be fully transparent when gaining that consent as to exactly what it is you’ll be doing with their data.
This new regulation casts no doubt as to who owns the data… the individual.
This alone has the potential to send shockwaves through the media industry.
Why you should take GDPR seriously
Having worked in digital marketing for over 10 years, I’ve seen new regulations get implemented fairly frequently, and for the most part, they get ignored.
This time things seem a little different.
This is not just a case of the regulators throwing their weight around, this comes at a time when the media industry is faced with the growing usage of ad blocking, cookie blocking, VPNs, proxies and privacy browsers. Users are actively taking measures to ensure that their data cannot be easily harvested and can live their digital lives in private.
GDPR is a rare example of legislation meeting public demand and this should be a giant wake-up call for any industry that relies on the use of personal data to operate.
Personally, I believe that there will be some early examples made of businesses publicly that fail to adhere to the GDPR, and with up to 4% of annual turnover or £20 million (whichever figure is greater) as a potential fine, you should definitely take this seriously.
How to thrive in this new reality
For many organisations very little will be done to adapt to this new environment, and to those organisations, I wish you luck. You may be fine, you might find this is just another loosely written piece of legislation that rarely gets enforced… but I wouldn’t bank on it.
The businesses that thrive in this ecosystem will be the ones that embrace the new age of data protection. They’ll be the ones that realise that a user providing you with access to their personal data is a precious value transfer that will require a greater level of value being provided by you in this exchange.
Data gathering will no longer be a simple mining or scraping exercise, it will be the byproduct of providing maximum value to your users.
Not only will successful businesses focus more on providing maximum value, they’ll provide more transparency and build relationships on trust that don’t only turn their audiences into customers, they turn them into brand ambassadors.
Without trust there will be no data transfer and in a competitive environment where access to data is so crucial, your business will be in big trouble if you’re unable to access and utilise the data you need.
But its also about more than that. Obtaining data is just one piece of the puzzle. What you do with that data and how you secure it will be critical to a successful data strategy being implemented within your organisation.
This is why embracing these early changes to data protection are so important and why I believe taking GDPR seriously is not just about data, its about how you operate as a business and how you value your stakeholders. I personally welcome the new regulation from both a user perspective and from my role as a data practitioner.
Rather than finding loopholes and attempting to continue business as usual, think about how your organisation could put new GDPR measures into effect and see it as an opportunity rather than a hindrance. If you do this I’m sure you’ll reap the benefits further down the road.
What measures are you currently taking when it comes to data protection? Do you think GDPR is important and something you should be taking seriously? I’d love to hear your thoughts.
Thanks for reading.