The data privacy notice gets a make over
Data protection within all organisations now needs to be seen from the perspective of the customer, client, supporter, prospect and citizen.
This has implications for marketing, as the way consent for processing personal data is obtained has changed and, with it, the Data Privacy Notice (DPN).
Under the EU General Data Protection Regulation (GDPR) all organisations must now provide accessible information to the Data Subject about how an organisation will use its personal data.
In many situations it won’t be effective to use a single document to inform individuals about what you do with their personal data. Guidance in this area has just been published by the Information Commissioner’s Office in the UK.
The DPN contains all the privacy information that you make available or provide to the Data Subject when you collect information about them.
Expectations about personal data are changing and it’s often argued consumers are increasingly willing to share information on social media and to allow their personal data to be collected by mobile apps without paying any attention to lengthy privacy notices they can’t be bothered to read.
On this basis, it’s argued that Data Subjects are relatively unconcerned that their personal data is being collected and processed.
However, there's also contrary evidence pointing in the opposite direction: that consumers increasingly have concerns about how organisations handle their personal data and want to retain some control over its further use.
The GDPR is a manifestation of those and other concerns and of the paramount importance for all organisations - private, public, voluntary and government - to be transparent about personal data processing activities and comply with the legal requirements to provide privacy information.
This helps to build trust and confidence at a time when people are shaken by events such as the hacks at Yahoo!, Tesco Bank and many others.
It's time to look beyond legal compliance of data protection and privacy regulations as some kind of minimum standard and to embrace the importance of a risk-based approach to data protection.
And the best way to safeguard business continuity is through training your staff to protect the most valuable asset that doesn't belong to the organisation but is vital for its future success - the personal data of its customers, clients, supporters, employees and stakeholders.
If you'd like to know more about the GDPR Transition Programme at Henley Business School, click here.