To be compliant with the new data protection regulation, firms must ensure that:
- Data is up-to-date: GDPR Article 5 states that “Every reasonable step must be taken to ensure that personal data that are inaccurate…are erased or rectified without delay”. Poor quality data is a key issue for many businesses and steps must be taken to ensure that personal data is accurate and up-to-date.
- Customers have the right to opt-out of marketing: Should a customer opt-out, it’s vital that businesses immediately cease all marketing to that customer.
- Customers have the right to opt-out of automated profiling: This will impact the use of Customer Relationship Management (CRM) systems and will create challenges for businesses seeking to re-target past customers. Technical issues around the identification and removal of duplicate customer profiles from multiple databases are also likely to arise.
- Customers have the right to request data held about them for free: Should a customer request access to their data, businesses will be required to provide to the customer all data currently held about them in an easily accessible format. Implementing this may well prove to be onerous for businesses that are not properly managing their customer data.
- Transparency is at the heart of the GDPR and businesses are obliged to ensure that customers understand at all times what data is being collected and the purpose for which it is being processed.
- Where data is being processed on the basis of consent, organisations must have clear consent to use customer data. The Regulation states that consent must be clear and must be as easy to withdraw as it was to give.