GDPR Getting Data Protection Right | A fundamental pillar of the trust debate

Over the last few years we have been debating, lobbying and socialising the fears and concerns that an overly harsh update to the data protection laws in the EU might do to the marketing sector. Now that the EU General Data Protection Regulation (GDPR) has been ratified, we finally have more clarity, and the hard work can begin on its implementation. 

I recall the direct marketing sector often referring to the downside the GDPR might have on it, and whilst I appreciate there is still a huge amount of risk to many organisations and business models, I don’t recall much of a citizen-centric view being taken. During this time the attitudes and understanding by the citizen towards the use and protection of their own personal data and the value that exists within it has been gathering pace. Whilst the GDPR seeks to protect and respect the individuals’ personal data and its use, an uncompromising adoption of the Regulation sooner rather than later has the ability to accelerate an organisation’s respect from the citizen – what some are calling a new era of “Growth Through Trust”.

“Trust” can mean many things, from transparency on how much the CEO of a charity is being paid, to what percentage of the funds raised are being spent on good causes and who is the charity sharing my data with? The guardianship of a citizen’s data, information and the permissions attached to it is a fundamental pillar of the trust debate.

In May 2014, the World Economic Forum published a paper titled “Rethinking Personal Data: A New Lens for Strengthening Trust”. The paper was the output of a multi-year initiative with global insights from the highest levels of leadership from industry, governments, civil society and academia, and aimed to articulate an up-and-coming vision of the value a balanced and human-centred personal data ecosystem could create. The key theme that came out of the research was the need for pragmatic and scalable approaches to personal data which strengthen transparency, accountability and the empowerment of individuals, and went as far as stating this to be a global priority. It highlighted the need for solutions and tools that answer fundamental questions – who has the data, where is the data and what is being done with it?

GDPR is therefore a great starting point to develop a Growth Through Trust model and organisations should be embracing the new legislation as a whole rather than just viewing it as an upgrade to the current UK Data Protection Act. Adopting a citizen centric model towards GDPR and empowering the citizen to fully control the access of their personal data by an organisation is one way to build trust. It also has the benefit of sharing accountability of the control of the data – potentially making the citizen their own data controller. 

The Data-Value Exchange: A few years ago we would never have considered a citizen wanting a consent portal or the ability to control the data usage permissions they have given to an organisation, but today this is fast becoming a reality. A recent DMA research report found that 91% of respondents wanted more control over the personal information they give organisations and the way it is stored. 38% of people cited trust as one of the key drivers for sharing data, far outweighing “freebies” and lower prices which received 10% and 6% of responses respectively. This is reinforced by DataIQ’s recent research, (GDPR: Idenitifying its impact on marketers and the consumer’s moment of truth) which found 41% of consumers do not need or expect anything in exchange for their personal data, they will give permission to use and store it if they believe it is relevant. This information underpins the need for transparency and clarity in the data value exchange.

The 5Ws: Like the 5Ps which is a mix of business activities to build a brand and a business, we like to think of the 5Ws as an approach to building trust through GDPR.

Make the following clear to the individual:

WHAT data is being collected

WHY is it being collected and for what specific purpose (consent statement)

WHO will have access to the data

Make sure you capture:

WHEN and 

WHERE the permission was granted

Technology teams, creative, marketing, copywriting, legal and compliance are all going to have to work together seamlessly to capture and secure the data, deliver clear consent statements and provide frictionless methods for gaining and managing permissions. 

The new regulation will undoubtedly create challenges and if not carefully managed could have a big impact on current fundraising practices. However smart organisations will also see the potential in embracing the overall ethos of “growth through trust” to build stronger relationships with its supporters and reap the rewards.

J Cromack

J is a co-founder of MyLife Digital and CEO of Wood for Trees.

MyLife Digital

In late 2014 MyLife Digital was established to build a trust platform for organisations to empower their members, supporters or customers to control their own data… who can see it, who can share it and what can be done with it. This will help individuals and organisations unlock the value in this data to deliver informed insights from informed consent.

Wood for Trees

Wood for Trees makes things happen through data analytics and insight. They collaborate with some of the world’s best-known charities and not-for-profit organisations to improve fundraising efficiency and performance.


Falling off the data wagon!

January 3rd 2015 and I am already feeling the draw of data.  I made a promise to myself when I left my last role in data, I would take a break from hypothesising about the insights data can deliver to brands and businesses.

Yet here we are 5 weeks on, Christmas and New Year celebrations just over and I am already hypothesising – this time about equities!  I am not about to give away my idea on how I think you can predict the stock market, but to say it involves easily accessible data such as social sentiment, economic data and a few simple rules!

This then got me thinking about the right to be forgotten and the GDPR debate plus a book I read in the summer of 2014, called The Circle by Dave Eggers.

“The Circle is a work so germane to our times that it may well come to be considered as the most on-the-money satirical commentary on the early internet age.” 

Edward Docx, The Guardian October 2013.

This book has made me challenge my ethics when it came data mining and what me and my colleagues were trying to do to better understand human behaviour and how we could use gentle nudges to influence that behaviour. Reading this book, has helped me understand why new regulations (like the [potential] forthcoming GDPR) are needed to catch up with the digital age.

But if trust in organisations declines and people start to go off grid, as per the Circle, a digital society may be halted and we all suffer – society, business and the people themselves.

I accept that we want to hide certain things about ourselves, but we need to help business, brands and even governments understand more about us so we can receive better services, messages and value. But for this to work, we have to trust the organisations with our data and be in control of how our personal data is being used (both obtained and received) and for what purpose. I’m not just talking about targeted sales messages about the latest Rapha cycling bib shorts (in the case of this author), but preventative messages such as health related ones.  These could be based on data shared from something like a Garmin, profile data; including age, sex, where we live, the restaurants and pubs we visit as well as the frequency!  This may seem like big brother, but it then comes down to how this data is used ethically and the way the message is presented to help better people’s lives. What I mean by this is simple, the message shouldn’t say…we know you visit the pub 3 times a week and your average heart rate when cycling on the flat looks pretty worrying! But a service message advising a general health check at the local health centre, together with a map and simple booking procedure. (If only I could get past the receptionist at our health centre!!!).

The upsides of sharing and giving permission to use our data are huge.  The two use cases above would help us because I’d only get ads I’m interested in, and if we could prevent more illness by identifying at risk individuals and screening earlier, the burden on the health service could be significantly reduced saving hundreds of millions of pounds (as well as lives saved).

As a data practitioner I am in total agreement with the rules that we abide by when managing and processing data, but too often we tend to focus on the downsides of sharing personal data and how we store and protect it and not enough time delivering the true value and benefits that can be delivered from trusted data.

With the GDPR (still in draft) looking likely to be a focus for many organisations in the years to come, I believe it should be embraced and leveraged so all organisations can become trusted data stewards and grow by building trust with their consumers, patients, customers [etc], by putting their data into their hands and empower them to use it.

The personal data revolution is happening, and I have a sneaky feeling something big is about to happen.

Happy New Year!

J Cromack  January 3rd 2015

Views on the world of Data Privacy, Big Data, Data Science and its potential impact on the World we live in today

%d bloggers like this: