It’s not long until GDPR comes into effect – 25th May, in case you missed the memo - and clearly, it’s going to have a huge impact on all businesses, no matter what industry you’re in.
Almost every organisation will likely have to make changes to their processes, so it’s vital to understand what you need to do to be compliant; otherwise your business could face fines of up to €20 million or 4% of its annual global income, whichever is higher.
If you're still unsure how GDPR will affect your business, here's some of the key issues for various industries, and how to help rectify them.
Personalisation is vital in retail, particularly when younger customers are involved. In fact, the majority of millennial and generation x consumers are willing to share personal data in exchange for personalised offers, in-store and online shopping experiences, and product recommendations.
While it’s a positive that so many customers are happy to share their data to receive such services, retailers will still need to focus on gaining consent to store and process this information. This should be done using clear and transparent language, to ensure every consumer can understand how their data will be stored and used.
Data misuse is likely to be largely reported by consumers, so it’s important they understand what the changes mean and what they need to do if they want their data removed from a retailer’s database. Many online retailers still rely on pre-ticked boxes to gain marketing consent – these will need to be removed immediately.
Financial firms handle extremely sensitive information, so many organisations within this industry are likely to have the correct data collection procedures in place already. But in the wake of increased scrutiny after GDPR comes into play, they will need to be reassessed. Additional consent will also need to be gained if any client data is shared with third parties.
With client data being passed through so many IT applications, some of which (such as development and support functions) may be outsourced to third parties, the chance of that information being exposed increases significantly. Therefore, it is vital to assess and understand all data flows.
If they don’t have one already, financial firms may need to hire a Data Protection Officer. They will be responsible for monitoring compliance with GDPR and other data protection laws, and will be the first point of contact for individuals whose data is processed by the firm (e.g. employees and clients), as well as supervisory authorities.
Data protection is important within the automotive sector too, as dealerships have access to a wealth of personal data, including financial backgrounds, and the contact details of both customers and employees. Automotive firms need to assess how customers’ payment profiles, driving records and other data is stored and used within the organisation, as the potential fines for data breaches are huge.
Before GDPR comes into effect, automotive businesses should clean their existing customer data; this will help ensure all customer and staff information is up to date, and that existing consent meets GDPR standards. Not only will this prevent businesses from running into trouble, it will also save them time and money, as it means dealerships will only contact current customers. Someone that bought a car from a dealership ten years ago, but hasn’t been back since, is unlikely to engaged, and could make a complaint they’ve been contacted at all.
The travel industry faces two major potential issues when it comes to GDPR: it collects a lot of personal data, including sensitive health and medical information, and that data is often shared with overseas suppliers, such as accommodation and excursion providers. All data sharing activities must be brought in line with the new regulation, so third-party agreements should be reviewed as soon as possible.
There is some good news, though. ABTA said they are working with supplier groups to ensure the new regulation is being observed across the supplier chain. Additionally, unlike some other industries, customers are much more likely to opt-in to receive marketing materials from travel companies, even after their holiday is over. That’s because we’re a nation of holidaymakers.
According to research from Trainline, the average British traveller goes on three holidays a year. Data from the Office for National Statistics also reveals that UK residents made 70.8 million trips overseas in 2016. Travel companies should therefore have few issues when asking existing and new customers to sign up to receive offers and other marketing materials.
The property industry relies heavily upon its CRM systems. Current, prospective and previous clients will all need to be contacted to ensure they are happy for their information to remain on file or not. All staff that upload data to CRM systems will need to undergo training, so they understand the new regulation.
Once the service has been completed, whether that’s a valuation, survey or house sale, agents must remove the buyer or vendor’s details from the database. They cannot use that data to send that client marketing materials, unless the person has specifically opted in to receive such communications from the agent.
Additionally, it’s paramount to check that all outsourced work is completed with a fully GDPR-compliant company.
Being compliant with GDPR involves a lot more than ticking a few boxes. Here at Feefo, we believe GDPR will be a positive change for both consumers and businesses. The new regulation will be key to increasing trust, and therefore improving your customer relationships.
Don't feel you're ready for GDPR just yet? We can help. Our guide to GDPR answers some of the frequently asked questions from our clients, in plain English, helping you to understand what you need to do prepare for the new regulation.
Net Promoter® and NPS® are registered trademarks of Bain & Company, Inc., Satmetrix Systems, Inc., and Fred Reichheld.