A guide to understanding GDPR implications
Millions of people work, shop and play online every day, leaving behind volumes of data that can include sensitive information. A study by IDC estimates that by 2020 there will be 5,200GB of data for every consumer on earth. In total, that works out at 40 zettabytes, or 57 times more than every grain of sand on every beach.
Regulators have increasingly become concerned with how companies capture, manage and protect the swathes of data they hold on their customers. Within the European Union (EU), these concerns have resulted in the General Data Protection Regulation (GDPR), a new regulation which aims to give consumers greater rights and security over how their data is used.
GDPR is the most comprehensive framework of its kind in the world and will have profound implications not just for businesses operating in the EU, but any that hold data on EU citizens. Companies in breach of GDPR could face severe fines, and with an implementation date of 25 May 2018, time is running out to ensure compliance.
Merchants, which frequently come into contact with sensitive customer information like payment details, will have to be especially ready.
What is GDPR?
GDPR will effectively replace the EU Data Directive, which was established in 1995, during the early days of the internet, but is now considered inadequate to deal with current challenges. This is understandable considering the average smartphone today has 10x more processing power than a PC in 1995, while eCommerce sales are over €500billion a year in Europe alone.³
The new legislation establishes guidelines on how companies should handle customer privacy, store data securely, and respond to security breaches. It also attempts to offer a unified standard of operating across Europe so that companies do not have to deal with several regulatory environments.
For the first time, obligations will be placed on data controllers and data processors. In other words, GDPR will affect not just an organisation (the controller) but also its outsourcing provider (e.g., a cloud computing company, or a third-party payment provider). Previous legislation placed responsibility solely on the controller.
GDPR also addresses the export of personal data outside the EU. The legislation makes it clear that it does not just apply for European companies, but any business processing the data of EU citizens, even if not based in the EU.
GDPR at a glance
- GDPR was adopted in 2016 and will become effective on May 25, 2018
- Applies to businesses in the EU and any company worldwide that holds data on EU citizens
- Applies to data controllers and data processors
- Fines can be up to 4 percent of annual worldwide turnover or €20million, whichever is greater
- Claims can be made by individuals and organisations
Data management, portability and customer rights
At the heart of GDPR are a number of changes to the way that customer data is handled. Under the legislation, customers will have to give explicit permission for companies to hold data about them. But that’s not all: companies must also provide evidence that this consent has been given. One potential implication is that merchants may have to alter their auto-renewal and subscription payment processes.
Companies can no longer store a customer’s personal data simply because it may prove useful in the future, or so they can pass it on to another provider. From now on, the responsibility will be on businesses to justify why they’re retaining customer information, otherwise it may have to be erased.
There’s another important element too, one that has a historical precedent. In 2014, a Spanish property owner who’d had his house repossessed wanted this fact removed from Google searches. He took the case to the European Court of Justice (ECJ) which ruled that Google had to delete those references to him.
GDPR: Key implications for merchants
| Area | Implication |
|---|---|
| Consent | Companies will have to actively get consent to store a customer’s personal data |
| Customer profiling | New restrictions on using data for customer profiling |
| Security and data breaches | Data breaches have to be reported within 72 hours of discovery |
| Data portability | Consumer has right to request transfer of personal data in certain circumstances |
| Data transfer | Prohibitions on transferring data to non-EEA* countries without adequate safeguards |
| Right to be forgotten | A business must erase an individual’s personal data in certain circumstances |
| Security | Businesses must have security systems that are appropriate to the level of risk |

*The EEA includes EU countries and also Iceland, Liechtenstein and Norway. It allows them to be part of the EU’s single market.
This quickly became known as the ‘right to be forgotten’ and, following the ECJ case, it has been included in GDPR.
As such, businesses will need to implement new policies on data retention and deletion. According to Catherine Moore, President of J.P. Morgan Merchant Services in Europe, this will mean a new mindset for some firms: “In certain industries, data might be retained forever because a regulator might ask for it. In others, the erasing of data has not been high on the priority list as there’s been no reason for doing it.”
The right to be forgotten is a particular challenge for organisations because of the rich web of information that’s held in databases. Whereas companies may have previously been concerned about how to store and archive information, now the focus is turning to what information is held and how they can access it. For example, a merchant may have to remove someone’s personal information from all of their payment transaction record histories, if they so request.
It’s also important to realise that data does not just mean information held on a database. GDPR makes no distinction between physical and digital data: it could be customer details held on paper, or in old files at a warehouse, for example. This would now have to be made available in the event of a consumer request. Yet a recent survey in the UK by Compuware showed that 71 percent of retailers do not always know where their customer data is stored.
Given that GDPR becomes law in May 2018, merchants should already be looking at how GDPR will have an impact on their procedures. According to William Long, a Partner at law firm Sidley Austin: “If they haven’t started already then it is imperative they begin, due to the volumes of work involved and the potential ramifications for being in breach.”
Under the regulation, firms can face fines of €20million or 4 percent of global revenues, whichever is greater. And that’s just for ‘serious breaches’. Such things as failing to keep proper breach logs, or failing to report a breach within a set timescale, will carry fines of up to €10million or 2 percent of global revenue.
GDPR also allows individuals to make a claim for damages for non-financial loss. Merchants, and third party payment providers, who may unknowingly store credit card details, are frequent targets for attacks by cyber-criminals so they will have to ensure especially tight protocols in this regard. Payment providers may also start offering value-added data protection services as a means of reducing the investment required by merchants, and helping them win more business.
One area that will also be changing is the credit card authentication standard PCI DSS. Although this is unconnected to GDPR, a new standard, PCI DSS 3.2, is set to become operational in February 2018. Companies who implement this standard will be some way to becoming GDPR compliant, at least as far as payments are concerned. For example, multi-factor authentication (MFA) becomes mandatory in PCI DSS 3.2, offering retailers a way of protecting customer personal details.
The emergence of the DPO
One of the ways in which businesses can manage the new regulatory landscape is by appointing a data protection officer (DPO) with company-wide responsibility for ensuring that protection guidelines are followed. Employing a DPO will be mandatory for publicly-owned bodies, companies that regularly and systematically monitor data subjects on a large scale (such as banks or web analytics companies), or firms that handle data of a highly sensitive nature. However, it is a best-practice approach that is relevant for all companies.
Choosing such a person is a crucial part of the process. As Joel Cullin, Head of Legal for J.P. Morgan Merchant Services in Europe, says: “The DPO should be an individual who has a significant amount of autonomy within the organisation and is the data protection champion.” This is because compliance with GDPR will depend on many different skills — legal, technical and financial. Appointing an effective DPO will be one way of helping an organisation keep the right side of its duties under GDPR.
A key aspect of preparing for GDPR is understanding that it’s an issue for everyone within the company. Devising a response will require a coordinated approach across the organisation, because one change can have an effect on another department. For example, making changes to consent may entail customers filling in lengthy forms, which may have an effect on online purchases, leading to an increased amount of shopping cart abandonment. So, making changes is not just the responsibility of one department — there’s a need for firms to take a wider view. GDPR could entail huge volumes of work: from amending contracts to make them compliant, changing privacy policies and notices, and altering company procedures to deal with data subject rights.
Merchants are going to have to radically rethink the way they do business. There are obvious ways in which organisations will have to change, e.g., in obtaining customer consent and shifting data retention policies. But there are more subtle changes too: there will need to be a shift in company thinking, to ensure that customer concerns are at the heart of company policy.
GDPR shouldn’t just be thought of as a burden: the organisational changes will mean greater transparency and will also offer more security for customers. Restricting the effectiveness of cyber criminals, and reducing the threat of breach, will be especially advantageous for merchants, which are frequent targets for these attacks. Companies that act quickly and robustly in implementing these changes may also find they will benefit from a greater degree of trust from their customers. By prioritising data security, they are demonstrating a willingness to put customer concerns first, which could result in reputational benefits, especially if the provisions they implement are in advance of what is required by the letter of the law.
In short, implementing GDPR may mean major changes but it should benefit businesses and customers alike. Don’t delay, however: the time for action is now. Companies who haven’t started thinking about it may find it’s already too late.
GDPR: Opportunities for merchants
- Increased trust between companies and their customers
- Protection of enterprise reputation
- Standardisation of processes across the EU
- Better data security and reduced threat of breach
International Data Corporation (IDC), ‘The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in the Far East.’ Available at: https://www.emc.com/leadership/digital-universe/2012iview/executive-summary-a-universe-of.htm. Accessed March 2017.
Tech Advisor: “How technology has changed the world in 20 years.” Available at: http://www.techadvisor.co.uk/opinion/windows/how-technology-has-changed-world-in-20-years/. Accessed June 2017.
3 eCommerce Europe: “European B2C e-commerce turnover forecast to reach the €500 billion mark this year.” Available at https://www.ecommerce-europe.eu/press-item/european-b2c-e-commerce-turnover-forecast-to-reach-the-e500-billion-mark-this-year/. Accessed June 2017.
Research exposes the £68.8 billion opportunity for UK retailers
- Modelling shows increasing the proportion of online sales by 5 percentage points would have significantly boosted retailers’ revenues during the first lockdown
- 72% of Brits want retailers who started an online service during the pandemic to continue operating it full time
New data released today by global payments platform Adyen outlines the economic gains that could be accessed by getting more UK retailers online.
Economic modelling conducted by Cebr for Adyen indicates that if the retail sector increased the proportion of turnover stemming from online channels by 5 percentage points, £68.8 billion would have been added to the economy during the first lockdown.
While retail turnover stemming from online sales has grown significantly during 2020 – from 19% to 28% – there is still considerable room for growth.
Myles Dawson, UK Managing Director of Adyen comments: “The UK retail sector is facing an incredibly tough quarter, so creating the link between physical stores and online channels is more important than ever. With the festive period approaching and many shoppers unable, or uncomfortable leaving their homes, establishing and maintaining a positive online experience is a billion-pound opportunity for retailers.”
The research of 2,000 UK consumers found that 31% are less likely to shop in physical stores now because of positive experiences shopping online during the pandemic. Furthermore, 72% of these consumers want retailers who started an online service during the pandemic to continue operating it in the long term.
However, making the process of shopping online as frictionless as possible will be key to unlocking the opportunity presented by online channels. 70% of Brits say that when shopping online, the ease of use is as important as the quality of the product, and 72% won’t shop with a retailer whose website or app is difficult to navigate.
Myles Dawson concludes: “Many retailers did amazing things during the pandemic in terms of adapting and creating new experiences – it’s a testimony to their agility that 57% of Brits said their expectations of the retail sector has improved during the pandemic. The challenge now is to consistently meet these expectations going forward. With local lockdowns in place, online channels will be key to serving many consumers in the short term. However, retailers need to see the shift to unified commerce as a long-term trend. The sooner they can demonstrate agility and jump on board, the longer they’ll reap the rewards.”
2 Research conducted by Opinium Research LLP
Want to serve your customers better? An effective online strategy is what financial institutions need
By Anna Willems, Marketing Director, Mention
A strong online presence matters.
Having a strong online presence that involves social media is now a crucial part of all business strategies. Whether they are retail brands, sports teams, libraries or even restaurants, most companies are investing more and more in developing their digital brand image and online presence – financial institutions are no exception.
When it comes to market trends and innovation, financial institutions are first on the line. After all, we — people and companies — trust them to manage our money to the best of their abilities. And even more so than any other market, we demand secure, trustworthy, fast and user-friendly services.
Reaching such high expectations is not a given. To this point, banks and other financial institutions have no other choice but to have a perfect understanding of their market, their audience, and their needs. What they need to get there is a fail-proof online strategy.
Gaining a deep understanding of your market
One of the best things about using social media to learn about your audience is that people give unsolicited opinions. They speak their mind and share their thoughts candidly.
This is the key to help any business to learn about themselves. They get to analyze their audience’s challenges and aspirations without having to ask them directly or serve them time-consuming surveys and polls.
UK-based Asto, a company that is part of the Santander Group, is committed to helping small businesses have access to financial and non-financial tools. Asto was looking for something that could help them discover what their target audience was talking about and find opportunities to add to the conversation. Mention enabled Asto to keep on top of reviews and customer comments, which has helped us provide a better service for our customers.
Which platform suits your offering the best?
There’s no point choosing to create campaigns on TikTok if your customers don’t use it – you need to think about who they are and work back from there.
You do this by automating the process using a social listening tool. A social listening tool will help you to view your market as a whole and identify where the key conversations are happening — and, therefore, where you should be. What’s more, you will never miss any relevant mention of your institutions, products, services, or competitors.
Handling a crisis
Financial institutions need to watch carefully for negative press – social media is the first place people will go to if they feel they’re not getting the service they need. In theory, rogue employees or unhappy clients can post anything they like online to try and hurt your brand. And if their messages gain traction, you’ve gone from one person saying bad things, to thousands.
That’s why listening needs to be part of any crisis management plan. Now, sometimes, there are crises you cannot prevent. And those usually hit pretty hard.
Power of influencers
For an influencer marketing campaign to work for your financial institution, partnering with nano content creators may well be the best way to go. Their ability to play a part in how they shape your brand story can make a huge difference when it comes to engagement and reason to believe in your service.
Many financial institutions are already leveraging influencer marketing. It’s an efficient strategy to build trust and gain credibility, reach out to new audiences and share engaging stories.
The online review conundrum
94% of consumers check online reviews before they decide to buy something or subscribe to a service. They need what we call social proof. It says that the more people say they use your service, the more it will look like a good service. In short, you need to show how happy people are using your service. But not all online reviews are positive.
Having said that, we find that financial institutions shouldn’t ignore negative reviews. Instead, embrace them as an opportunity to rebuild trust in your brand. Less delicately put, take the bull by the horns and turn them to your advantage. Always respond to relevant complaints (and as fast as possible). Take responsibility for what happened. Be helpful.
And ignore trolls.
Learn from the competition
Over the last two decades, a marketer’s daily life has greatly evolved. Most importantly, we now can measure everything we do, including the consequences of our actions on our business. Having said that, you can’t evaluate how well you’re doing without comparing against
Truth is that 77% of businesses rely on listening to keep an eye on their competitors. What this means is that 4 in 5 of your direct competitors are likely watching each and every single step you take. And you should do the same.
Setting the trend
From staying up to date with the latest industry trends and innovations, to keeping an eye on the competitors’ newest services, to being the first to know of potential brand crises – tracking relevant online conversations lets marketing and communication professionals working for financial institutions stay one step ahead in an industry that is leading change and innovation.
Why the Boom is Long Overdue (and Here to Stay)
By Roger James Hamilton, CEO, Genius Group
Virtually every aspect of our lives has been taken over by tech, so why is it that our schools, that are educating the business leaders of tomorrow, are still operating in much the same format as they did 100 years ago?
The global pandemic put digital learning in the spotlight and an Edtech boom has ensued, with companies like Coursera, Quizlet and Udemy seeing unicorn style growth. And the market is not slowing down. The education technology (Edtech) boom will continue.
Resilience and Growth
Unicorns are defined by rapid growth. Traditionally, these companies are not overly concerned with early profitability, long-term sustainability or value creation as much as with putting their competitors out of business.
But something different is going on in the Edtech market. The unicorn has lost its appeal. When learning platform Quizlet achieved unicorn status this year, CEO Matthew Glotzbach was keen to play down the moniker reserved for start-ups valued at $1 billion or more, preferring to liken his company to a camel.
Unlike unicorns, camels are real, hardworking beasts, respected for their adaptability to various climates, their resilience, and their ability to survive for long periods without sustenance. These are all traits much better suited to weather the economic storms created by the pandemic.
Despite their considerable abilities to adapt to challenging conditions, the climate is looking particularly sunny for camels within the Edtech market. In fact, all creatures great and small have the potential to capitalise on unprecedented growth in this sector.
The nature of education makes it a traditionally slow-moving area, which renders it unattractive to some investors. Yet, the coronavirus outbreak and subsequent surge in remote learning this year triggered a flurry of uptake in e-learning platforms.
We’ve seen the adoption rate for new technologies be accelerated by events like this before. For example, the SARS crisis of 2003 contributed to the boom in China’s ecommerce industry, as quarantines led consumers to shop online. Of course, this market trend did not slow down once quarantine restrictions were lifted. Ever since, global online sales have risen exponentially. The same is set to happen in the Edtech market.
Providing a Solution
As with ecommerce in 2003, the demand for Edtech in 2020 was already there. It has been there for years. For the past decade at least, there has been a notable need in recruitment for qualified talent in data science, coding and digital. Edtech can bridge the skills gap, not only within formal education but also for adult learners upskilling and reskilling for today’s digital world.
Similarly, the financial crash of 2008 had the effect of fast-tracking the rise of the gig economy, requiring millions more to learn entrepreneurial skills. The idea of a job for life is now a distant memory. The Edtech sector can deliver the tools to equip students of all ages with the skills necessary for creating their own opportunities, as well as exchanging knowledge and collaborating in a digital economy.
Rising unemployment, competition for jobs and government furlough schemes have also seen interest in digital learning courses for adults soar during the past few months. Figures show that the corporate e-learning market is set to increase by as much as $3.09 billion between 2020 and 2024.
The Edtech boom kickstarted by the pandemic is just the beginning in a paradigm shift in how we view education and work.
Over the next 10 years, with the rise of artificial intelligence, automated technology, and augmented reality, traditional, manual and customer service based roles will diminish and there will be less need for a large workforce when computers and machines can do the role equally well.
The need for a truly 21st century education system that reflects the needs of the job market is long overdue. Edtech companies are offering solutions to many of these issues that have troubled the economy for the past decade or more.
A Different Animal
Enter the zebra (back to our animal analogies). These types of Edtech businesses will be the ones to watch within the sector. With zebra companies, there’s a sense of community and collaboration, rather than competition. They understand that there’s room for more than one superstar in a market. Zebras are herd animals after all. The zebra believes that competition is healthy for everyone involved—something to watch and use for motivation and growth. It closely observes consumer trends and continually strives to solve new and developing problems for those consumers.
For zebra companies, profit margin is vital because it is necessary for steady growth and sustainability. A zebra’s revenues hover between $5M and $50M; it serves customers within a specific niche, requires annual growth capital of $100K to $1M, and generally has more than four streams of revenue.
Zebras are both black with white stripes and white with black stripes – they have a fluidity in their approach and are camouflaged at the same time. This creates a double bottom line: Zebras want to conduct real business, by solving a pressing problem in a sustainable way, whilst reacting to contemporary challenges. This too could be said of the Edtech industry as a whole.