The countdown to the General Data Protection Regulation (GDPR) is officially on. On 25th May 2018, the introduction of the new legislation will mark the start of a new era of how businesses manage, process, store and share personal customer data. This new legislation will replace the long-standing Data Protection Act 1998 and introduce stricter rules on how businesses process personal customer data.
What do businesses need to know about GDPR?
In essence, the rules will introduce stricter requirements around when brands and businesses can use data. This means they will need to be clearer about the information they are requesting from customers and how they will use it. Confusing contracts and terms and conditions will no longer be an option; companies will need to provide transparency at all stages during the collection of customer data to ensure consent is given unambiguously.
Another important change is increased accountability. Strict penalties will be introduced for businesses that breach the new legislation, with the maximum fine increasing from £500,000 to €20m or 4% of global turnover for the most serious incidents.
Who will the GDPR apply to?
The regulation will apply to both processors and controllers of customer data. For businesses wondering if the GDPR will affect them, as a general rule, those which are currently regulated by the UK Data Protection Act are likely to be affected by the GDPR.
The rules will be imposed across Europe, building a harmonised data protection regime that affects not only companies based in the EU but also those that want to do business here. Although it will be some time until it is understood exactly how the UK will adopt GDPR, at the very least, businesses working with EU countries will need to abide by the legislation as it applies to the management of customer data flowing both in and out.
Taking actions to beat the fraudsters
Cybersecurity is an unavoidable consequence of the digital world we now live in – and the GDPR is shining a spotlight on the role customer-facing organisations must play in protecting customer data.
For banks in particular, which are generally among the most trusted brands by consumers, I believe there is huge potential for them to build on the role they already have in their customers’ lives – and offer increased support and assistance to help keep them safe online.
And there are other benefits, too, particularly for banks that can offer protection solutions to their consumers. According to our latest research, The Connected Customer, people who take out products that help them alleviate their cyber concerns tend to be more engaged and, ultimately, more loyal.
An education for consumers
Businesses should also consider how they can help customers be more savvy online. With consumers logging in to multiple devices, e-commerce platforms and social media sites each day, it’s clear they are also responsible for protecting themselves. Awareness of cyber security doesn’t seem to be the issue; a report by Symantec revealed 57% of customers “are worried their personal information is not safe”. But despite this, a study by Aite found 49% of consumers exhibit at least one risky behaviour which puts them at higher risk of financial fraud.
Looking ahead, we can expect to see more initiatives such as this introduced across a number of customer-facing industries, with organisations, industry bodies and associations working together for the greater good.
A new dawn for customer data
With GDPR now on the horizon, companies are facing an increased responsibility to keep customer data safe, and provide transparency at each step of the data-collection process. But there is also a great opportunity to connect with customers over cyber security and be part of the education and empowerment journey. Those which can are likely to reap the benefits with more trusting, loyal customers.