GDPR Getting Data Protection Right | A fundamental pillar of the trust debate

Over the last few years we have been debating, lobbying and socialising the fears and concerns that an overly harsh update to the data protection laws in the EU might do to the marketing sector. Now that the EU General Data Protection Regulation (GDPR) has been ratified, we finally have more clarity, and the hard work can begin on its implementation. 

I recall the direct marketing sector often referring to the downside the GDPR might have on it, and whilst I appreciate there is still a huge amount of risk to many organisations and business models, I don’t recall much of a citizen-centric view being taken. During this time the attitudes and understanding by the citizen towards the use and protection of their own personal data and the value that exists within it has been gathering pace. Whilst the GDPR seeks to protect and respect the individuals’ personal data and its use, an uncompromising adoption of the Regulation sooner rather than later has the ability to accelerate an organisation’s respect from the citizen – what some are calling a new era of “Growth Through Trust”.

“Trust” can mean many things, from transparency on how much the CEO of a charity is being paid, to what percentage of the funds raised are being spent on good causes and who is the charity sharing my data with? The guardianship of a citizen’s data, information and the permissions attached to it is a fundamental pillar of the trust debate.

In May 2014, the World Economic Forum published a paper titled “Rethinking Personal Data: A New Lens for Strengthening Trust”. The paper was the output of a multi-year initiative with global insights from the highest levels of leadership from industry, governments, civil society and academia, and aimed to articulate an up-and-coming vision of the value a balanced and human-centred personal data ecosystem could create. The key theme that came out of the research was the need for pragmatic and scalable approaches to personal data which strengthen transparency, accountability and the empowerment of individuals, and went as far as stating this to be a global priority. It highlighted the need for solutions and tools that answer fundamental questions – who has the data, where is the data and what is being done with it?

GDPR is therefore a great starting point to develop a Growth Through Trust model and organisations should be embracing the new legislation as a whole rather than just viewing it as an upgrade to the current UK Data Protection Act. Adopting a citizen centric model towards GDPR and empowering the citizen to fully control the access of their personal data by an organisation is one way to build trust. It also has the benefit of sharing accountability of the control of the data – potentially making the citizen their own data controller. 

The Data-Value Exchange: A few years ago we would never have considered a citizen wanting a consent portal or the ability to control the data usage permissions they have given to an organisation, but today this is fast becoming a reality. A recent DMA research report found that 91% of respondents wanted more control over the personal information they give organisations and the way it is stored. 38% of people cited trust as one of the key drivers for sharing data, far outweighing “freebies” and lower prices which received 10% and 6% of responses respectively. This is reinforced by DataIQ’s recent research, (GDPR: Idenitifying its impact on marketers and the consumer’s moment of truth) which found 41% of consumers do not need or expect anything in exchange for their personal data, they will give permission to use and store it if they believe it is relevant. This information underpins the need for transparency and clarity in the data value exchange.

The 5Ws: Like the 5Ps which is a mix of business activities to build a brand and a business, we like to think of the 5Ws as an approach to building trust through GDPR.

Make the following clear to the individual:

WHAT data is being collected

WHY is it being collected and for what specific purpose (consent statement)

WHO will have access to the data

Make sure you capture:

WHEN and 

WHERE the permission was granted

Technology teams, creative, marketing, copywriting, legal and compliance are all going to have to work together seamlessly to capture and secure the data, deliver clear consent statements and provide frictionless methods for gaining and managing permissions. 

The new regulation will undoubtedly create challenges and if not carefully managed could have a big impact on current fundraising practices. However smart organisations will also see the potential in embracing the overall ethos of “growth through trust” to build stronger relationships with its supporters and reap the rewards.

J Cromack

J is a co-founder of MyLife Digital and CEO of Wood for Trees.

MyLife Digital

In late 2014 MyLife Digital was established to build a trust platform for organisations to empower their members, supporters or customers to control their own data… who can see it, who can share it and what can be done with it. This will help individuals and organisations unlock the value in this data to deliver informed insights from informed consent.

Wood for Trees

Wood for Trees makes things happen through data analytics and insight. They collaborate with some of the world’s best-known charities and not-for-profit organisations to improve fundraising efficiency and performance.


Falling off the data wagon!

January 3rd 2015 and I am already feeling the draw of data.  I made a promise to myself when I left my last role that I would take a break from hypothesising about data and the insights data blending can deliver to brands and business, as well as how it can significantly benefit us as individuals.

Yet here we are 5 weeks on, Christmas and New Year celebrations just over and I am already hypothesising – this time about equities!  I am not about to give away my idea on how I think you can predict the stock market, but to say it involves easily accessible data  such as social sentiment, economic data and a few simple rules! This then got me thinking about the right to be forgotten debate – if data can help fund managers who manage our pensions to predict which stocks to invest in and when, surely we should be shouting about the benefits of sharing our data.

I accept that we want to hide certain things about ourselves, but we need to help business, brands and even governments understand more about us so we can receive better targeted messages. Not just sales related messages about the latest Rapha cycling bib shorts (in the case of this author), but preventative messages such as health related ones.  These could be based on data shared from something like a Garmin, profile data; including age, sex, where we live, the restaurants and pubs we visit as well as the frequency!  This may seem like big brother, but it then comes down to how this data is used ethically and the way the message is presented to help better people’s lives. What I mean by this is simple, the message shouldn’t say…we know you visit the pub 3 times a week and your average heart rate when cycling on the flat looks pretty worrying to us! But a service ‘type’ message advising a general health check at their local health centre, together with a map and simple booking procedure. (If only I could get past the receptionist at our health centre!!!).

The upsides of sharing and giving permission to use our data are huge.  The two use cases above would help us because our pension contributions would grow at a better rate and if we could prevent more illness by identifying at risk individuals and screening earlier, the burden on the health service could be significantly reduced saving hundreds of millions of pounds (as well as your life saved!).

As a data practitioner I am in total agreement with the rules that we abide by when managing and processing data, but too often we tend to focus on the downsides of sharing our data and how we store and protect it and not enough time hypothesising about the true value and benefits we can deliver from it.

J Cromack  January 3rd 2015

Views on the world of Big Data, Data Science and its potential impact on the World we live in today

%d bloggers like this: