
This article was published on March 18, 2018

Stop whining, GDPR is actually good for your business

Story by Dennis Dayman

Dennis Dayman is Chief Privacy and Security Officer at Return Path. He has more than 20 years of experience combating spam, security/privacy issues, data governance issues, and improving email delivery through industry policy, ISP relations and technical solutions. As Return Path’s chief privacy and security officer, Dayman leverages his experience and key relationships to provide best practices to Return Path and its customers, and to ensure the compliance of their communications data flows. He is also responsible for coordinating and managing Return Path’s international electronic commerce, privacy and Internet related policy issues.

It’s safe to say that nearly everyone in business today has at some point heard the acronym GDPR (General Data Protection Regulation). Many in the digital industries and services arena are either preparing for the changes on the horizon, or are dreading the work that still needs to be done to prepare.

In the United States, we’ve already seen the implementation of the email regulations for Can-Spam, but GDPR is something else entirely. In my presentations to marketers, I often refer to the US law as the YOU-CAN-SPAM Act, because in essence, it does not require spammers to get permission before they send junk email and it prevents states from enacting stronger anti-spam protections. That’s not the case with EU regulations or GDPR.

GDPR’s recent portrayal in the press is frightening. Much of the commentary surrounding GDPR has focused on the burden for businesses, the negative sides of its implementation, and the stiff penalties for compliance failures. I, for one, actually think GDPR can be positive for your business. Here are a few reasons why.

GDPR simplifies existing regulations

Companies need to get ready for the new regulation, but it’s not there to make a quick buck in fines or to cause panic. GDPR builds on and replaces the long-standing Data Protection Directive and was designed to harmonize data privacy laws across Europe and eliminate confusion. By doing so, GDPR will protect and empower all EU citizens’ data privacy, and reshape the way organizations across the region approach data privacy.

To be fair, many companies that use panel data already use explicit consent and hyper-transparent notice because of the nature of the data they collect. But we seldom hear about these examples of companies that do a great job of protecting users’ data; we tend to only hear the bad.

Better data leads to better marketing

GDPR focuses on first-party data (data directly acquired from a customer), which means that the data you are storing about your customers is of the highest quality — since it came directly from them, with their permission. Clean data that is provided voluntarily is a direct path to better leads and higher conversions.

This lends itself perfectly to inbound marketing, which nurtures leads by providing marketing material that’s valuable to those potential customers. So collecting data through inbound marketing efforts can help get you GDPR compliant, while also optimizing your emails to increase conversions.

GDPR certainly isn’t the end of email marketing, and can actually provide the push businesses need to create a responsive, valuable email marketing strategy that will engage leads and delight customers.

GDPR is an opportunity to trim the fat

GDPR will require a review of data handling and processing procedures; this presents a great opportunity to review and map your data flows or clean house and restructure them not only for compliance, but also for business efficiency around costs.

According to a study done by Veritas, 85 percent of all data stored by companies is considered redundant, obsolete, or trivial — and the cost of server space and time for managing this data is immense.

The physical presence of data is so small that sometimes we don’t think of it as clutter. We accumulate massive amounts of it, and some of it can be harmful if it gets lost or stolen. In my family, the first signs of spring have always been our cue to fling open the windows and let in the fresh air, thus beginning the ritual of spring cleaning. It seems appropriate that organizations should do much the same thing when it comes to data.

New data protection process may reduce risk

GDPR introduces a new concept in European data protection — “pseudonymization” — for rendering data neither anonymous nor directly identifying. Pseudonymization is the separation of data from direct identifiers so that linkage to an identity is not possible without additional information that is held separately.

Pseudonymization, therefore, may significantly reduce the risks associated with data processing, while also maintaining the data’s utility and creating incentives for controllers to pseudonymize the data that they collect.
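The separation described above, as an added example that is not part of the original article: direct identifiers are replaced with keyed HMAC-SHA256 tokens, and the link table needed to re-identify a person is returned separately so it can be stored under stricter access. The function names, field names, sample records and key are assumptions made for illustration; HMAC is one common choice, not something GDPR prescribes.

```python
import hashlib
import hmac


def normalize(identifier: str) -> str:
    """Canonical form so the same person always maps to the same token."""
    return identifier.strip().lower()


def pseudonym(identifier: str, key: bytes) -> str:
    """Keyed token for a direct identifier; cannot be recomputed without the key."""
    data = normalize(identifier).encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def pseudonymize(records, key, id_field="email"):
    """Return (working_set, link_table).

    working_set has the direct identifier removed and a token in its place.
    link_table maps token -> identifier and is the "additional information"
    that must be held separately from the working set.
    """
    working, link_table = [], {}
    for rec in records:
        token = pseudonym(rec[id_field], key)
        link_table[token] = normalize(rec[id_field])
        row = {k: v for k, v in rec.items() if k != id_field}
        row["subject"] = token
        working.append(row)
    return working, link_table


def reidentify(token, link_table):
    """Only a holder of the separately stored link table can do this."""
    return link_table.get(token)


# Constructed sample records and a placeholder key (assumptions, not real data).
SAMPLE = [
    {"email": "Alice@example.com", "plan": "pro", "opens": 14},
    {"email": "bob@example.com", "plan": "free", "opens": 2},
    {"email": "alice@example.com ", "plan": "pro", "opens": 9},
]
KEY = b"placeholder-key-kept-in-a-separate-key-store"

if __name__ == "__main__":
    working, links = pseudonymize(SAMPLE, KEY)
    for row in working:
        print(row)  # analysts see plan/opens per subject token, never the email
```

The working set keeps its utility because records for the same person still share a token, while anyone who obtains it without the key or link table cannot map tokens back to addresses.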

Companies can take control of their own compliance

GDPR gives companies an opportunity to take control of their own compliance, rather than register with the applicable data protection authorities. This means that businesses need to actively organize, monitor, and understand all the data they store, and make sure it is compliant with GDPR regulations. For example:

  • Under the previous directive, it was acceptable to remove a contact who had opted off your list while keeping their data on file — this is no longer the case
  • The rules around consent follow a higher standard and options to withdraw that consent need to be always available
  • GDPR advises the use of the more proactive opt-in box rather than assuming the customer’s consent is implicit unless told otherwise
  • The level of detail your organization needs to provide a customer for what they are signing up for also needs to be improved, and better documentation of records of consent needs to be maintained

It might seem like a lot of extra work, but with the right planning your organization can become GDPR compliant — and improve your business in the process. GDPR is a great reminder to businesses that information about individuals is simply on loan — not owned — and organizations have a responsibility to look after it.

It’s not just a matter of confidentiality; it’s about integrity, accuracy, and availability — and it’s just plain good business practice.