The GDPR: a data revolution?
Presented by Dan Brookman
Twitter: @danbrookman // @AirshipTeam
Who we are
Airship is a digital customer experience
specialist.
At our heart is the Airship CRM, a powerful data
acquisition, segmentation and broadcast
platform that drives revenue through intelligent
customer journeys.
Some Clients:
Revolution
Tasty PLC
Brewhouse and Kitchen
Stonegate
Living Ventures
Hickory’s
Cote Restaurants
Yummy
Apartment Group
Rosa’s Thai
Mission Mars
Hydes
JW Lees
West Cornwall Pasty Co
Bargain Booze
Introduction
General Data Protection Regulation (GDPR)
Comes into force on 25th May 2018
GDPR is new legislation which introduces a wide range of reforms with
significant effect on data collection, processing and storage activities.
It provides individuals with a suite of new rights in relation to their data.
No Brexit impact: the laws have already been adopted. There may be
implications in the future but the ICO (Information Commissioner's
Office) have been pushing for tougher laws for years (so probably not).
It needn’t be a burden...
It should be seen as an opportunity:
- Build customer trust
- Higher engagement
- Enhance your reputation
You are going to see a decline in the amount of new data acquired;
however, this is a good thing.
The issue of poor quality data and over-acquisition has blighted
businesses for years. Opt-ins have been too soft or non-existent,
company boards have focussed on the big number, customers have
been seen as data records… rather than customers.
The GDPR is an opportunity.
More Trust
A 2016 study by the Chartered Institute of Marketing revealed:
- 57% of respondents say they do not trust an
organisation to use their data responsibly.
- 70% of consumers still fail to see the benefit of sharing
their personal data at all.
- However, two-thirds (67%) of customers actually say they
would share more personal information if organisations
were more open about how they will use it.
Conclusion
The GDPR will help build trust with
consumers: be on your front foot, clarity
for your customers will yield results!
Don’t...
MoneySupermarket, Flybe & Honda
- All have been recently prosecuted for
sending emails to customers whom they did
not have permission to market to or who had
previously unsubscribed.
Don’t use GDPR as an excuse to pull a fast one on
your customers: if they are currently opted out, they
remain opted out.
Do...(maybe)
Don’t Panic
While the regulations come into force on 25th May 2018, it's more than likely going to take a while
for them to bed in. A number of provisions are ambiguous and guidance is being drafted by the
ICO. No doubt there’ll be a number of test cases before legislation is amended.
We’ve all heard the scaremongering around the hefty fines and they are certainly true… the higher
of up to £17m or 4% of global turnover plus court litigation… however…
The ICO closed 17,300 cases last year and only 16 resulted in fines for the organisations
concerned. The ICO’s commitment is to guiding, advising and educating organisations about how
to comply with the law. This will not change under the GDPR. "We have always preferred the
carrot to the stick."
I’m not recommending that you ignore GDPR; I’m recommending that you get your businesses up
to speed on GDPR, do your audits, follow the guidelines set out by the ICO, do not panic, and hit
the ground running come May 2018.
Understanding your data sources
Digital
Inhouse:
Paper sign-ups
Comment Cards
Business Card Drops
Sales Enquiries
All businesses have many
data sources. As part of your
audits you’ll need to ensure
that you understand each of
those sources and that they
are compliant with
the GDPR.
In the same way, you’ll need
to ensure that any inhouse
activity is collected under the
regulations.
The digital sources above are transactional tables within
the Airship CRM where we store each instance of
customer engagement.
WiFi Session:
Week View
Data automatically categorised
by day, session and manually by
event.
Where you segment
customers or profile them
based on their activity, you’ll
need to let them know how
the information is used.
This dashboard shows how we
take WiFi data and segment
customers based on what’s on
in the venue at the time they are
in their WiFi session.
Let’s look at some consumer
rights...
To be informed
Consent must be “freely given, specific, informed and unambiguous” and in the case of
automated decisions, consider whether “explicit” consent is required.
1. All consent opt-ins should require a recordable manual action completed by a customer.
2. All consent should be granular. For example, where a customer is giving consent for email
marketing they should be asked separately if they give consent to be sent text messages or
receive sales calls.
3. All consent should be simply and clearly explained directly in the touchpoint they are using. The
explanation should be written in a way that is fair to expect customers to understand, and
positioned so that the customer can see the explanation in line with the request for consent.
Reliance on linked privacy policies or legalese is no longer appropriate.
Legitimate Interests
Consent is not always practical or necessary so consider the “legitimate interests”
condition as well as other lawful processing conditions. Many businesses process data
on the basis of their legitimate interests of sending marketing material.
You will still need to collect the opt-out either at the point of collection or soon after.
This may become a condition which is tested more thoroughly as a consequence of the
GDPR changes affecting consent.
Don’t use legitimate interests as a catch-all for your activity.
1. UI Examples: Bargain Booze
The right of access
Under the GDPR, individuals have the right to obtain:
- Confirmation that their data is being processed
- Access to their personal data
- Other supplementary information - this largely
corresponds to the information that should be provided in
your privacy notice.
- You can no longer charge a fee for the customer to
access their data.
2. The right of access
Purple WiFi have already implemented their first
draft of a ‘right of access’. This example for Airship
client Revolution Bars shows the stored personal
information and the bars visited.
It's their consideration that they meet the
legitimate interest condition.
Other rights…
- of rectification; (the customer has a right to update incorrect
information)
- of erasure (to be “forgotten”); (the customer has the right to
have their data deleted)
- to restrict processing; (where you are doing additional
segmentation or profiling, the customer has the right to opt-out)
- of data portability; (the customer has the right to request an
export of their data. A scenario for this might be a customer
taking data from their insurance company and supplying it to a
competitor for a quote)
- to object; and (if a customer objects, you must stop all activity
immediately).
- certain rights related to automated decision making and profiling
(this final point is quite interesting; a scenario might be that
you’ve applied for a loan and been refused, you can request the
decision making process is shared with you)
Other key points to consider
1. Accountability and governance - The new accountability
principle 5(2) requires you to demonstrate that you comply
with the principles and states explicitly that this is your
responsibility.
2. Breach Notification - whether you are the data processor or
controller
Privacy by Design
Although not a new concept, privacy by design is a key part of implementing GDPR. The ICO describes
it as ‘an approach to projects that promotes privacy and data protection compliance from the start’.
Whereas this is currently just a recommendation, GDPR makes this a requirement.
The best approach to ensure the implementation of privacy by design is through completing privacy
impact assessments when planning or reviewing IT projects.
Storage of Personal Data
It is important where possible to minimise the storage of ‘personal data’ while also ensuring that we
have the data you need to deliver your goals. To this end it is important that we use anonymisation
and pseudonymisation so that data can be stored in a way which would only in some cases be
considered personal data.
Conclusion
So do you ‘just’ comply or do you become a lean, clean data-driven marketing
machine? Saving time and money: maintaining and learning about your customers,
and creating better relationships.
I know what I would choose and what Airship will be recommending to their
clients.
The hospitality industry can take a lead on this: it’s time to clean-up.
Thanks for your time.
The Lawyer bit… Disclaimer….
Thanks to our lawyers, Excello Law, for their help in drafting this presentation.
The details provided in this presentation are for information purposes only and should not be relied on as legal advice for the purposes
of your business. You are recommended to seek independent legal advice with regard to any of the above before acting upon the
same. Both Airship and Excello Law exclude any liability as a consequence of any reliance on this presentation.
Contacts:
Dan Brookman E: dan.brookman@airship.co.uk M:07966 796581
Peter Rawlinson: specialist commercial, IT and data protection contract lawyer:
E: prawlinson@excellolaw.co.uk M: 07899906476 DD: 0114 2755517
