Conserving the data that really matters
Marketing is necessarily a data-intensive activity, but the looming May 25 deadline does not require a ‘scorched earth’ deletion policy, writes Jason Walsh
One thing can be said for sure of GDPR: despite the best efforts of the data protection commissioner, the various consultants working in the area and, indeed, the EU itself, confusion reigns.
“One of the things that struck me last week is the amount of misinformation or, shall we say, ‘alternate interpretations’ of the GDPR that are out there,” said Anna Browne, commercial director at Dataconversion.
“As the time ticks ever closer, there’s a sense of panic setting in. There’s a lot of confusion among companies around what is and isn’t acceptable,” she said.
For Browne, the problem is that people are not always clear what they should be asking in the first place – nor what they should have been collecting.
“Part of that is whom they’re asking for advice. Ask a specific question and you’ll get a specific answer, but if you ask a broad question you’ll get an opinion,” she said.
Dataconversion has been working with clients for over four decades, and is now in a unique position to advise clients on how to ensure their existing marketing databases and, as time moves on, data capture, storage and processing policies can best be made GDPR-compliant.
Dataconversion works on data strategy, helping clients engage with data, as well as data integrity and compliance; and from Dataconversion’s point of view, GDPR is, in fact, the formalisation of advisory policies that should already have been in place.
“Everyone thinks GDPR is a new thing, but some of the guidelines have been there since 1998,” she said.
“We always had a conservative approach to marketing and always insisted on our clients having explicit consent, so now it’s a question of making that a formal process,” said Browne.
“We’ve developed a data register to aid our clients to do that,” she said. “It’s a macro view, enabling them to get a view of all data running through an organisation, rather than a micro view, looking at individuals. When the panic sets in, it’s better to step back and look at what’s under your remit as a [data] controller.”
This conservative approach to data will now pay dividends, but even businesses which have collected every imaginable data point can start to get compliant without deploying the nuclear option of mass deletion of data on May 24.
“There are people who will have a web form, say, and it collects [among other things] mobile phone numbers. Now, [in many cases] they never need that mobile number for any reason, so it’s a case of working with our clients to educate them on what they’re collecting and why; to really understand it. To be frank, don’t be collecting data just for the craic! There’s sometimes a feeling of, ‘Think of all the data we can build up’, but this has to change,” she said.
Browne said that one clear commercial advantage that can be had is that people, increasingly, want honesty and clarity from businesses – something that has only increased following recent data-handling scandals.
“We don’t believe in hiding behind the language: just tell people what you’re using and why you’re using it, and they’re much more likely to trust you as a brand,” she said.