Overall, 45% of the more than 80 participants are well on their way to establishing the necessary processes and strategies for complying with the GDPR in the company. 26% are aware of the basics and 29% have changed few or no processes.
It is particularly noticeable that there is a big discrepancy between requirement and reality, especially with regard to data management. While 44% have already implemented a double-opt-in process for their e-mails and provide customers with ample information about changes to the privacy policy or changes in data usage (61%), only 29% see it as users to provide all personal data on request. Also, only 23% have processes to automatically and regularly review their records and, if necessary, delete data.
Also, many companies do not seem to have any processes that inform users or customers automatically as soon as personal data has been collected. This already suggests that it is generally difficult to inform users outside the double-opt-in procedure and the privacy policy approval checkbox about the use of their personal information.
Particularly in the case of traditional analogue distribution channels, where it was previously relatively common to also transfer business card information into a CRM system, new methods must be developed in the future in order to inform the contact person about this registration and obtain their consent.
By the way, there are already several apps in practice that enable you to record an active consent of the contact to use the data via smartphone, for example, directly at the fair.
Data management must not be limited to IT
Especially in the use and merging as well as control of the data, there seem to be still some hurdles. This may also be due to the fact that our survey has turned primarily to marketers and distributors, but data management is often left to IT companies alone.
The point is that if there is too little exchange between IT, Chief Data Officer (if any in the company) and marketing, sales and service, there is a greater risk that customer and user data will not be documented and processed in compliance.
Conclusion: Data-relevant processes must be revised throughout the company
The DSGVO prepares problems where the data has been insufficiently documented or not comprehensible.
There are many reasons why customer data is not treated in compliance with DSGVO:
Data silos complicate the merging and control of personal data.
An inadequate or different understanding of what personal data is and what is not personal information causes incorrect data handling.
A low technical understanding of the processes for data collection and processing ensures incorrect data usage.
Zusätzlich ist die Umsetzung genau dort schwieriger, wo es bislang noch keine zentrale Datenbank gab. Denn allein die Zusammenführung der Daten ist zeit- und ressourcenaufwändig. Doch nur eine zentrale Datenbank kann auch garantieren, dass die zukünftig notwendigen Prozesse zur Dokumentation, Bereitstellung, Verarbeitung und Löschung der Kundendaten auch wirklich einfach und im Idealfall automatisiert implementiert werden können.
In addition, of course, the entire process of data collection and processing should be reviewed company-wide and, if necessary, adapted to the GDPR. This includes not only the technical changes and processes but also the communication strategies. Simple language, accessibility to information and transparency with regard to the use of customer data have so far often been neglected. They should have been part of the data protection measures for a long time.
0 Comments