GDPR is the new data protection legislation which comes into effect across the EU on 25 May 2018. Most of the recent discussion around this event centres on the potential downsides for organisations, including the much-touted maximum fines of 4% of global annual turnover or 20m Euros for non-compliance.
This series of blog posts takes a different view and looks at the benefits to be gained by businesses which approach GDPR as an opportunity to review their business processes and enhance their relationships with their most important customers.
In the previous post we looked at the various legal bases for processing personal data and how these can affect the costs and benefits of retaining that data.
This post concentrates on the implications of using Consent as the legal basis for processing. If your historic consent process did not meet all the requirements of GDPR, you will need to re-request consent from your customers. You will need to do that before GDPR takes effect on 25 May 2018.
This may seem like a lot of work, but offers a great opportunity to get closer to your most valuable customers and put them in control.
First of all, you can choose to be selective about the data you retain: for instance, if you have had no response from someone for several years you might decide to drop that contact rather than expend the effort to attempt re-consent.
Of those you do attempt to contact, some will have stale contact details and hence will not respond. Others will receive your request but decide not to renew their consent.
If the re-consent process is well designed, those who do provide new consent can give you more information about their interests and preferences which will help you understand them better. You will also have consistent information across all your customers. Best of all, those who do renew the consent will feel that they are now in control of the data you hold about them and how you will use it, improving their sense of trust in you.
The net result is a customer database which has been cleared of stale data, containing only contacts who have recently given explicit consent for you to process their data, and who have given information about their interests and communication preferences.