Data Privacy Day

Today is Data Privacy Day. 2018 saw the biggest change in data privacy regulation for 20 years, the new General Data Protection Regulations. The GDPR came into force on 25th May 2018, in a bid to give consumers more rights over their personal data. That said, it should be seen as an opportunity by businesses to finally get their databases in order and become compliant with current data legislation. After all, those who fail to adhere to the rules run the risk of being left liable to heavy fines. To be more specific, you could be fined up to €20 million or 4% of your total annual worldwide turnover, whichever is higher.

With the threat of having to pay out large sums of money for having non-compliant data, you would think that simple common sense would push businesses to ensure their data quality is of the utmost integrity. But the fact that 50% of firms are still not GDPR compliant makes us think otherwise. In fact, Google was recently fined €50 million (£44m) by the French data regulator, CNIL, for being in breach of the EU’s data protection regulations.

The multinational technology company were fined on grounds of “lack of transparency, inadequate information, and lack of valid consent regarding ads personalisation”, according to CNIL, who added that people were not sufficiently informed about how Google collected data to personalise advertising.

When searching for possible reasons as to why businesses are not GDPR compliant eight months on from when the regulations came into effect, the most likely explanations are lack of knowledge surrounding data compliance, and lack of capital to actually fund the costs that come with cleansing and regulating large databases. The latter hypothesis is unlikely to be the case in Google’s instance, considering it is a multi-billion-dollar corporation. However, for organisations that are smaller in size but still compile large volumes of data, this could easily be a reality.

By law, businesses are required to employ a data protection officer (DPO) if the firm is a public authority/body, if their core activities include regular and large-scale monitoring of individuals, or if their core activities consist of processing special categories of data in large volumes. Organisations that do not fall into any of the aforementioned categories but still wish to employ a DPO are of course free to do so; however, that brings the added expense of employing data protection personnel, for whom the average salary is £62,500. For some businesses, this will be out of the question.

However, all is not lost, as there is a simple yet very effective solution that will ensure the compliance of your company data and help you avoid large fines. Data cleansing software will quickly verify and cleanse your databases to ensure optimum accuracy, using the latest suppression files to cross-match your records against deceased, mover, and marketing preference files. Outsourcing the solution will remove the need to hire an outsider to regulate your data when you can do it yourself for as little as £35.

According to freely available information from the Office for National Statistics (ONS), 540,163 deaths were registered in England and Wales in 2018. For all you know, a proportion of this figure may still be on your customer database; therefore, it’s your prerogative to remove these details from your records. If you send marketing to these individuals, not only do you risk upsetting their relatives, colleagues, and so on, but repeated mistakes will cultivate a negative brand image for you. Not to mention you could be fined for being in breach of data legislation.

In July 2018, the BBC revealed that online payments system, PayPal, wrote to a customer who had died of cancer to inform her that her death had breached its rules and threatened legal action, due to an alleged unpaid fee. Not only was this extremely upsetting for the deceased person’s husband, but it was also very insensitive, especially considering that PayPal had been informed of the death. This further emphasises the need for regular data cleansing.

Additionally, did you know that there were 865,913 residential property sales in the year to June 2018? Now, we’re not suggesting that every single one of these owners actually moved house, as some may have bought properties on a buy-to-let basis. However, a large proportion of this figure will have likely moved homes. And so, it’s imperative that you keep your customers’ addresses up to date so that you don’t send marketing or their purchases to the wrong address. This in effect would cause problems for all concerned parties, because your customers will feel neglected and annoyed having not received their order, and the new residents of the address will be equally irritated at receiving mail intended for someone else.

When it comes to consumers’ rights over how their personal data is used, your business must bear in mind that some of your customers may be registered with marketing preference services. The Mailing (MPS), Telephone (TPS), and Corporate Telephone (CTPS) Preference Services allow individuals to register for free to opt out of receiving mail and telephone calls. The services are fully supported by the Information Commissioner's Office (ICO), and businesses that are found to have contacted people registered with the opt-out lists could be liable to large fines.

It was only last October when the ICO fined a Manchester-based firm £150,000 for making 63,724 nuisance calls to consumers registered with the TPS. The company were found to be in breach of the Privacy and Electronic Communications Regulations (PECR), which sit alongside the GDPR. This particular instance exemplifies what can happen when organisations do not adhere to rules surrounding data protection. Therefore, it is vital that you check your data against preference service files in order to mitigate the risk of marketing to those whom you shouldn’t.

Every January 28th, governments, parliaments, national data protection bodies, and businesses join forces to raise awareness about the rights to personal data protection and privacy. Whilst many organisations have put measures in place to adhere to such legislation as the GDPR, for others there is still a long way to go. Kick-start your journey down the road to data compliance by keeping on top of your data and cleaning it regularly.

Sources:

https://eugdpr.org/

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-law-enforcement-processing/penalties/

https://datacenterfrontier.com/50-percent-of-firms-still-not-gdpr-compliant-how-about-your-data-center/

https://www.bbc.co.uk/news/technology-46944696

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-officers/

https://www.cwjobs.co.uk/salary-checker/average-data-protection-salary

https://www.ons.gov.uk/peoplepopulationandcommunity/birthsdeathsandmarriages/deaths/datasets/monthlyfiguresondeathsregisteredbyareaofusualresidence

https://www.ons.gov.uk/peoplepopulationandcommunity/housing/datasets/numberofresidentialpropertysalesfornationalandsubnationalgeographiesquarterlyrollingyearhpssadataset06

https://www.mpsonline.org.uk/consumer/what_is_mps

https://www.tpsonline.org.uk/tps/index.html

https://www.tpsonline.org.uk/tps/whatiscorporatetps.html

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/10/ico-fines-manchester-firm-150-000-for-making-nuisance-calls/

http://www.dqmgrc.com/