The General Data Protection Regulation, or GDPR, is an EU regulation that will take effect on 24 May 2018. Its purpose is to standardise personal data protection legislation throughout Europe. Read on to learn about its main provisions and how it will affect customer feedback management.
What is the GDPR?
Adopted on 14 April 2016 by the European Parliament after four years of tough negotiations, the GDPR sets the new standard throughout Europe for personal data protection. The regulation was a necessity given the advent of big data. Although 90% of all data has been produced in the past two years, the current law on the topic dates back to 24 October 1995. That is a sizeable gap.
The provisions of the GDPR will start to take effect on 25 May 2018. Above all, the text seeks to “let citizens take back control of their personal data while also streamlining the regulatory environment for companies.” Any company that collects and processes data from European residents must abide by the GDPR.
What are its main provisions?
- Citizens can report an abusive use of their data directly to their national data protection authority (CNIL in France).
- Consumer rights groups can sue companies collectively.
- Companies are encouraged to use pseudonyms.
- Data collection requires affirmative and explicit consent from the data subject. Default settings using a pre-ticked box can therefore no longer be used.
- In addition to having a right to access and correct their data, consumers now have the right to be forgotten.
- Data processing managers must keep a detailed record of all processing operations.
- The transfer of personal data to foreign countries is subject to oversight.
In addition to these main measures, the GDPR includes other provisions that companies will have to follow by 2018. As a customer feedback management platform, Critizr is gradually adapting to these new norms. In fact, let's take a closer look at how the GDPR will impact customer feedback management.
The effects of the GDPR on customer feedback management
The regulation applies to all companies that use personal data for marketing purposes or customer relationships. Customer feedback falls under the purview of this new regulation.
- The GDPR requires that customers give consent when their data is being collected. When sharing his or her feedback, the customer is naturally granting their consent, so there's no worry on that front.
- If you want to use this feedback in your marketing campaigns, however, you'll have to inform your customers that you are doing so.
- When sharing their feedback, customers will have to indicate whether or not they would like to be included in your marketing campaigns.
- Any customer, especially those who have submitted feedback prior to the start of the GDPR, can exercise his or her right to be forgotten at any time.
- Collected data must be protected by the highest possible level of security. Companies must take steps to reduce their network's exposure to cyber-attacks and limit the risks of a data breach.
In general, the collection and processing of customer feedback, just like any other form of personal data, will indeed be affected by the GDPR. While it might seem restrictive, you should see the GDPR as an opportunity to show your customers that you have their best interests at heart and that you use their data to produce personalised and transparent communications that meet their expectations.
The General Data Protection Regulation will soon take effect. You have about a year to incorporate the law's provisions into your organisation. Businesses will have to examine their data and cybersecurity practices to ensure they comply with the GDPR. Specialised solutions, and especially Critizr, stand ready to provide companies with their expertise in managing customer data.