The General Data Protection Regulation (or GDPR for short) is a set of data protection rules for all companies operating in the EU that came into effect in May 2018. GDPR was created by the European Parliament and the Council of the European Union. It “regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU.” (Source: European Commission) Processing refers to “obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data.” (Source: ICO)
Statistics about GDPR
- 25 EU member states have so far adopted the required national data protection legislation.
- 67% of Europeans have heard of GDPR.
- 57% of Europeans know that there is a public authority in their country responsible for protecting their personal data rights.
- A total of 144,376 queries and complaints have been made to all data protection authorities in Europe since the roll-out of GDPR.
- There have been 89,271 reported data breaches in Europe since May 2018. (Source: European Commission)
- Individuals have the right to be informed about the collection and use of their personal data.
- If a data breach has occurred, individuals have the right to be notified within 72 hours.
- Individuals have the right to access their own personal data for free.
- Individuals can ask any organisation storing their data about how it is being used.
- Consumers have the right to portability. In other words, they can move their data from one service provider to another.
- Consumers have the right to ask companies to delete their personal data.
- The right to restriction means that consumers can ask organisations to not process their data.
- Consumers are entitled to update their data in case it is outdated, incomplete, or incorrect.
Why Do Businesses Need To Adopt GDPR?
It’s the Law:
Organisations that have been found to be in breach of GDPR will be penalised. These penalties vary depending on the severity of the breach. For example, the most serious infringements can cost a company up to 4% of their annual global turnover or a €20 million fine, whichever is greater. Lesser breaches will trigger smaller fines.
Reputational Damage:
In a 2018 survey, 53% of SMEs in the UK cited “reputation damage” as their biggest concern about GDPR. If your business fails to meet GDPR requirements, it will soon become a very public affair, and the resulting reputational damage may lose you customers.
Show Customers That You Care:
Being transparent about how you process data will demonstrate that you respect the rights of your customers. This will allow you to build a more trusting relationship and potentially help to boost retention rates.
Encourages Data Cleanliness:
“Data hygiene” refers to the regular removal of “dirty” data (e.g. incorrect, duplicate, outdated or consent-free data). With less data to manage, organisations can enjoy lower IT costs and a better quality of data. GDPR forces organisations to take a more approach to data hygiene and is a great opportunity to improve your practices.
10 Steps for Making Your Mobile Messaging GDPR Friendly
- Offer explicit opt-in and opt-out options to customers.
- Provide data protection training to employees.
- Appoint a data protection officer who will take responsibility for championing customers’ data rights.
- Invest in data security technologies such as data encryption or masking.
- Create a preference centre in which customers can tell you how they want to be contacted and what they want to be contacted about.
- Ensure all mobile messaging is highly personalized and targeted, as this will prevent it from being perceived as spam.
- Ensure that any mobile messaging service providers you engage are fully compliant with GDPR.
- Make sure that you have a fast and effective opt-out system.
- Don’t approach GDPR compliance with the attitude that it is a burden; try to view it as an opportunity instead.