GDPR Getting Data Protection Right | A fundamental pillar of the trust debate

Over the last few years we have been debating, lobbying and socialising the fears and concerns that an overly harsh update to the data protection laws in the EU might do to the marketing sector. Now that the EU General Data Protection Regulation (GDPR) has been ratified, we finally have more clarity, and the hard work can begin on its implementation. 

I recall the direct marketing sector often referring to the downside the GDPR might have on it, and whilst I appreciate there is still a huge amount of risk to many organisations and business models, I don’t recall much of a citizen-centric view being taken. During this time the attitudes and understanding by the citizen towards the use and protection of their own personal data and the value that exists within it has been gathering pace. Whilst the GDPR seeks to protect and respect the individuals’ personal data and its use, an uncompromising adoption of the Regulation sooner rather than later has the ability to accelerate an organisation’s respect from the citizen – what some are calling a new era of “Growth Through Trust”.

“Trust” can mean many things, from transparency on how much the CEO of a charity is being paid, to what percentage of the funds raised are being spent on good causes and who is the charity sharing my data with? The guardianship of a citizen’s data, information and the permissions attached to it is a fundamental pillar of the trust debate.

In May 2014, the World Economic Forum published a paper titled “Rethinking Personal Data: A New Lens for Strengthening Trust”. The paper was the output of a multi-year initiative with global insights from the highest levels of leadership from industry, governments, civil society and academia, and aimed to articulate an up-and-coming vision of the value a balanced and human-centred personal data ecosystem could create. The key theme that came out of the research was the need for pragmatic and scalable approaches to personal data which strengthen transparency, accountability and the empowerment of individuals, and went as far as stating this to be a global priority. It highlighted the need for solutions and tools that answer fundamental questions – who has the data, where is the data and what is being done with it?

GDPR is therefore a great starting point to develop a Growth Through Trust model and organisations should be embracing the new legislation as a whole rather than just viewing it as an upgrade to the current UK Data Protection Act. Adopting a citizen centric model towards GDPR and empowering the citizen to fully control the access of their personal data by an organisation is one way to build trust. It also has the benefit of sharing accountability of the control of the data – potentially making the citizen their own data controller. 

The Data-Value Exchange: A few years ago we would never have considered a citizen wanting a consent portal or the ability to control the data usage permissions they have given to an organisation, but today this is fast becoming a reality. A recent DMA research report found that 91% of respondents wanted more control over the personal information they give organisations and the way it is stored. 38% of people cited trust as one of the key drivers for sharing data, far outweighing “freebies” and lower prices which received 10% and 6% of responses respectively. This is reinforced by DataIQ’s recent research, (GDPR: Idenitifying its impact on marketers and the consumer’s moment of truth) which found 41% of consumers do not need or expect anything in exchange for their personal data, they will give permission to use and store it if they believe it is relevant. This information underpins the need for transparency and clarity in the data value exchange.

The 5Ws: Like the 5Ps which is a mix of business activities to build a brand and a business, we like to think of the 5Ws as an approach to building trust through GDPR.

Make the following clear to the individual:

WHAT data is being collected

WHY is it being collected and for what specific purpose (consent statement)

WHO will have access to the data

Make sure you capture:

WHEN and 

WHERE the permission was granted

Technology teams, creative, marketing, copywriting, legal and compliance are all going to have to work together seamlessly to capture and secure the data, deliver clear consent statements and provide frictionless methods for gaining and managing permissions. 

The new regulation will undoubtedly create challenges and if not carefully managed could have a big impact on current fundraising practices. However smart organisations will also see the potential in embracing the overall ethos of “growth through trust” to build stronger relationships with its supporters and reap the rewards.

J Cromack

J is a co-founder of MyLife Digital and CEO of Wood for Trees.

MyLife Digital

In late 2014 MyLife Digital was established to build a trust platform for organisations to empower their members, supporters or customers to control their own data… who can see it, who can share it and what can be done with it. This will help individuals and organisations unlock the value in this data to deliver informed insights from informed consent.

Wood for Trees

Wood for Trees makes things happen through data analytics and insight. They collaborate with some of the world’s best-known charities and not-for-profit organisations to improve fundraising efficiency and performance.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s