Under the umbrella of the incoming General Data Protection Regulation (GDPR), data protection laws have been given both the “teeth”, in the form of punitive penalties, and the means, in the form of the strengthened Information Commissioner’s Office (ICO), to take firm action against companies that have ignored their responsibilities.
These punishments include financial penalties so high that many businesses could be forced into closure by the decisions of the ICO. Businesses cannot afford to ignore the imminent changes.
Why and how businesses hold personal data
Businesses and other organisations hold the data of EU citizens for a variety of reasons. Perhaps the individuals are clients of a service, or simply correspondents writing to the customer services department of a product manufacturing company that they have bought goods from.
However, there are also individuals whose details are held in databases and lists because businesses hope to sell goods and services to them in the future.
These people are different. They have not yet explicitly defined their relationship to this organisation by agreeing to a commercial exchange. To have their details stored at all, these individuals had to explicitly agree to a third-party organisation contacting them with marketing information. Perhaps they did this when they bought another product, but all too often there is a suspicion that their personal data has been obtained without consent.
Now the onus is on companies and organisations not only to prove this consent when challenged, but also to take the greatest care of this personal data. Any breach of data security could cost them and their staff their livelihood.
Marketing in the future
Assuming the marketing records and the personal information in them have been correctly sourced, companies must now make significant efforts to secure this data against security breaches.
In a large organisation this could have significant budgetary, IT, personnel and communications implications.
Marketers could protect themselves in three ways:
Procedurally: Organisations can take the time to carefully look at their processes and ensure the finance and HR departments (for example) are fully compliant with best practices. Processes can be created and improved for new staff vetting, for the removal of data access for leaving staff, for contractual amendments to ensure staff understand their duty of care and in many other areas.
Proactive defence: Companies must ensure their data is “Walled” securely, which means both virtually and physically. Company premises that house confidential data must be secure from intruders, and appropriate IT security must be employed for all digitally stored data.
Marketers reaching out to potential customers via widely used historical methods like Telesales and Email Campaigns will have to look to their IT Support providers to help protect themselves. Methods available for doing so include Advanced Firewall Protection, Incremental Backup Services and Hardware Encryption Software.
Insurance Policies: New tailored insurance products that protect a company from the expense of data breach clean-up, lost revenue and indeed ICO fines already exist. However, insurers will want to satisfy themselves that policy holders have taken appropriate Procedural and Proactive defensive measures (as described above) before they are comfortable offering cover.
Time is running out – GDPR is about to swing into action. Marketing departments and service companies must act now to safeguard their future. It’s time to speak to your HR professionals, to your building security advisers and to your IT support specialists. Then, and only then, can you speak to your insurers too. Please make sure that you’re prepared for GDPR when it arrives.