In the rush to be compliant for the GDPR it would be easy to bolt-on new requirements to an existing process. But this could result in further confusion and complication for customers. Following an experience design process where customers are involved in design decisions will minimise this risk.
We believe the GDPR should be embraced as an opportunity, not treated as a mandatory inconvenience. If your business is hamstrung by bad data, embrace this new legislation to wipe the slate clean and start building a much more valuable data asset from May onwards.
Be wary of putting GDPR in a vacuum, your whole business needs to be mindful of data and be signed up to any new processes you implement. Lastly, focus your efforts on creating a customer experience you can be proud of from the moment the data is collected, and shows respect for the value your customers have given you in their data.
To help you get started, here are five things to think about when tackling GDPR:
1. Become an expert
Make sure someone in your business understands the GDPR and how it will affect your business. This will involve them not only getting to grips with what the legislation says, but will also likely involve an audit of your current processes and the information that you already hold.
2. Update privacy notices
Take the time to thoroughly review your privacy notices, under the GDPR you need to include additional information. For example, your customers have the right to know why you are collecting information, all of the ways in which it will be used and who it will be shared with.
3. Review how you obtain consent
Getting consent from customers for the use of their data is getting tougher. Pre-ticked boxes will no longer be acceptable under GDPR. Consent must be freely given, specific, informed and unambiguous. Do not leave design changes until the last minute, take the opportunity to not just be compliant but to also improve the overall experience for customers.
4. Get to grips with data recall
When it comes to individual’s rights most businesses – if compliant with DPA – should find the transition to GDPR relatively straight-forward. However, there are some significant enhancements such as the right to be forgotten.
5. Share what you know
The management of data needs to be a company-wide activity. Not only could GDPR create additional demands on resources but going forward, making sure that data is up to date and relevant will mean all departments will be able to serve customers better.
You will need to be able to track an individual’s data imprint across your business with ease. Not only will this make you compliant, but it will also help you extract maximum value from customer data.