Data is at the heart of every digital business model, but publishers, in particular, have a distinct need to glean data from their readers. Without refreshing their data stores regularly, publishers can’t deliver their content outside of the confines of their websites and applications, nor can they work on producing personalized content to suit the needs of each audience segment.
But as the General Data Protection Regulation (GDPR) closes in, publishers are still unsure about where the line is being drawn. If you’re confused about the status of your data collection strategy under the GDPR, read on.
Why You Should Welcome GDPR for Data Collection
First things first, let’s dispel the myth that GDPR itself is going to hinder businesses. While GDPR compliance may be difficult to muster, the lasting effects of being compliant should actually positively impact your bottom line. That’s because, on top of avoiding heavy fines, there are three clear benefits to revamping your data collection protocols in line with the GDPR:
- To prevent reputational damage to your brand as a result of non-compliance.
- To realize cost savings due to a streamlined data collection process.
- To eliminate time and money wastage as well as inaccurate data by removing old records or records of disengaged customers.
Consumer Rights Regarding Data Collection and Processing
We will come to touch on a number of new consumer rights brought about by the GDPR, but first and foremost, let’s talk about consent — which is at the crux of the issue.
According to the EU GDPR website, “The conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.”
It goes on to explain how consent must be clear and distinguishable from other matters and provided through an easily accessible form using clear and plain language. Plus, “it must be as easy to withdraw consent as it is to give it.” We’ll delve deeper into this issue later on.
On top of this tightening around consent and “legalese,” data subjects also have the following rights over their personal data — even after they consent to you using it. Those rights and powers include:
- The Right To Be Forgotten: A customer can demand that you erase all personal data relating to them, and you’ll have to comply (relatively quickly, too).
- The Right of Access: Consumers must be given total access to their personal data as well as to any supplementary information.
- The Right to Restrict Processing: Customers should be given the ability to “block” the processing of their personal data selectively or altogether.
- The Right to Data Portability: Customers must be given the ability to export or download their data on demand.
- Rights Related to Automation: In certain circumstances, controllers and processors who practice automated decision-making, like profiling or consumer segmentation, will need to give data subjects sufficient information about the process and give them simple ways to request human intervention or challenge a decision.
It’s also important to bear in mind the list above is non-exhaustive, so it’s worth reading through the GDPR to get a true understanding of the rights of your customer.
How GDPR Impacts Data Collection
So, how do all those new consumer rights translate into a realistic data collection strategy?
As previously mentioned, the rules around consent are imperative to data collection.
Firstly, opt-out tick boxes aren’t valid under the GDPR as they’re considered ambiguous consent. So, brands are going to have to find new ways to collect consent as they collect data. According to recital 32 of the GDPR, “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her …”
The legislation goes on to discuss how organizations have to keep renewing that consent at every turn. For instance, if you plan to process a consumer’s data in a new way which wasn’t covered by their first consent form, you’ll have to gain their consent once again.
Furthermore, collecting and using data such as ethnic origin, religious beliefs, political affiliations, medical information and sexual orientation, all requires additional, explicit consent.
What does this all mean? Well, you’re going to have to revamp your web forms and landing pages with more text and tick boxes, that’s for sure. But on the plus side, collecting data is totally fine — just so long as you have explicit consent for every little data point in question.
It’s Time To Go Lean With Data Collection
With the impending rules around consent in mind, you’re probably thinking what I’m thinking: You’re currently collecting too much data — and with all those consent rules coming through, gaining explicit consent for all those data points is going to be a nightmare.
I’d say that — in my own approximation — mid-market brands aren’t even using 90 percent of the data they collect. Certainly not to the level of the Amazons and Targets of the world, anyway. Instead, most data goes unused because brands either don’t know how to use it, or they lack the technology stack to put that data to use. There’s just too much data there.
So, now what?
The answer is simple: It’s time to take a leaner approach to data collection.
Firstly, brands need to figure out which data points are important to them. Secondly, they need to stop spending their time and resources parsing through all their old data and really focus on the 10 or 15 pieces of data that actually contribute to improving the customer experience. It’s time to get rid of the fluff and niche down into what matters, and I personally believe this is a job for the marketing department.
Know Your Data, Ask Your Customer
Once you know what data you need — and what you need it for — it suddenly becomes a lot easier to inform the end user about why you’re collecting their data. That, of course, makes it easier to get their ongoing consent.
In other words, before the IT guys can come in and weld this GDPR-compliant machine together, the business side of the brand needs to do the work to ascertain what’s needed — and what’s superfluous.
This all leads me to a phrase I’ve been using a lot recently: “Less is more.” Brands just need to do some heavy lifting now in order to identify what that “less” should look like so they can do more with it moving forward.