Customer data is valuable to you and data privacy is important to your customers. GDPR has been taking steps to protect both. Data protection legislation is constantly evolving and affects not just data privacy, risk and compliance officers but every part of an organization that touches personal data. Regulators nowadays act in a more penalizing role, resulting in multiple legal cases all over the EU. Aside from the evolving role of the regulator, consumer behaviour has also changed. Consumers have become stricter about giving companies their consent and use their data privacy rights, such as access, rectification or removal, more frequently.
During the recent ‘Meet the Experts’ session, Data Privacy expert Johan Vandendriessche highlighted some of the latest developments. One concerns new restrictions on the use of legitimate interest: DPAs are shifting and now require strict documentation of which legitimate interest you are relying on, and ask you to keep this available for the authorities at all times. Another example concerns the due diligence obligation in data brokerage: is the personal data you acquired correct? And is there consent from the data subject for this data to be used for direct marketing initiatives? Johan also stresses that this legislation is constantly evolving, that increased enforcement has been noted, and that strict attention to staying up to date is advised.
The GDPR contains a few principles, such as the fairness principle, which states that all processing must be fair and loyal towards the data subject. Recent developments also apply fairness to indirect data collection. When scraping data from external sources, limitations apply: the data subject should have at least a reasonable indication that their data is used for data brokerage. The importance of data quality and data management comes up directly when we look at the accuracy principle. This principle contains a double obligation, as it states that personal data must be accurate but also kept up to date at all times. This links to the obligation that reasonable steps must be taken reactively to ensure the data is in fact accurate. If personal data is inaccurate, organizations are required to erase or rectify the data immediately. This touches the technical aspects of data management, as controllers need to have mechanisms and processes in place to keep data accurate and up to date.
Data Protection by design
The Regulation uses the term "Privacy by Design" to illustrate that the privacy focus has to be taken into account throughout the entire lifespan of an information system. And here is a direct link to the Data Life Cycle: privacy rules must be considered for storage, modification and removal of personal data. Now think about an automated system that processes your customer data. What is the impact of such rules and regulations in the context of data management? There is a lot to consider: data storage, data access, rectification and removal of data, data security, audit trails, etc.
To protect you from high costs and reputational risks you want to have;
If your data is of high quality and you have an infrastructure that provides consistent, timely and professional processes, you will improve the customer experience and protect your reputation. So why not look at privacy compliance as an opportunity to differentiate your organization?
Interested in getting the full update on the impact of GDPR developments since 2018, actual cases of GDPR non-compliance and all the interesting insights on the upcoming developments concerning direct marketing and data governance? Please get in touch with us directly. We are happy to share the on-demand webinar on Data Privacy & Legislation by Johan Vandendriessche with you.