What GDPR Really Means for Customer Data Analysis

By Shahidul Mannan, Executive Director and Peter Dorrington, TTEC Director of Customer Insights

If you haven't heard about the EU's General Data Protection Regulations (GDPR) by now, where have you been? 

Coming into effect on 25th May, GDPR affects any organisation that holds or processes data on EU citizens and gives significant power back into the hands of the people the data is about - you and me!

Over the last few months, it seems like there has been a never-ending stream of emails from organisations updating us about changes in their privacy policy as they prepare for the introduction of GDPR. Yet even though the regulations have been seven years in the making and well publicised, there is still confusion about what it means to those organisations that hold or process large amounts of consumer data, with some believing it will severely restrict what they can do with this information. In this blog, we'll address some of those concerns.

GDPR builds on a previous Data Protection Directive but has new powers and real teeth. However, just like when the Data Protection Directive came into force, there is a lot of confusion about what it means and what's required. Too often (and wrongly) that's come to be expressed as 'we can't do that, GDPR prevents us'.

GDPR does place new obligations on organisations and grants new rights to individuals--including the right to be informed, have access, rectification (correct errors), erasure (be forgotten), restrict processing, move their data, object to data being captured / processed, understand how decisions are made using data, and be promptly informed of any data breach.

In particular, GDPR contains provisions relating to the holding and processing of Personally Identifiable Information (PII). The definitions of PII can differ country-to-country, so care must be taken to ensure you understand the scope. For example, the definition of personal data has been expanded and clarified to include IP addresses, cookie identifiers, and GPS locations.

GDPR requires that organisations consider privacy from the ground up. Whilst this is relatively straightforward for new data gathering and processing, it may present some challenges in respect to historic or legacy data--especially when a person exercises their right to be forgotten. Perhaps the biggest potential challenge going forward is in obtaining the required explicit consent (active opt-in). If your organisation is not in compliance or suffers a data breach, the penalties can be crippling: EU20 million or 4 percent of worldwide revenue.

So, no one can afford to ignore the impact of GDPR. It has a broader and deeper scope than the directive it replaces and sanctions designed to enforce compliance with the regulations.

Read article HERE

About TTEC

TTEC (NASDAQ: TTEC) is a leading global customer experience technology and services provider focused exclusively on the design, implementation and delivery of transformative solutions for many of the world's most iconic and disruptive brands.