Even Mark Zuckerberg is no longer laughing: the protection of customer’s personal data needs to be taken seriously! Besides, in Canada, various provincial and federal laws regarding the protection of privacy and personal data already exist, such as Canada’s Anti-Spam Legislation (often referred to as “CASL”), and The Personal Information Protection and Electronic Documents Act (PIPEDA). On the other hand, the General Data Protection Regulation (better known by its English acronym “GDPR”), issued by the European Union and having become fully enforceable on May 25, 2018, is actually a subject of much discussion. It presents important challenges for many companies not only located in the European Union, but also internationally.
Data: an inexhaustible source of wealth
Controlling customers’ identity is now a hot topic and it will remain so for the next few years. Indeed, personal data is at the heart of any good marketing strategy today. Gone are the days when we used to communicate with our clients by means of mass emails. We now instead strategically interact with them to enhance their experience with our brand:
Not only is it essential to have a unique view of consumers to really get to know them, but also to monitor their purchasing behavior. Having access to the whole picture allows companies to communicate with them in a timely manner.
Improving the customer experience, through an efficient use of data, is thus crucial because it:
increases companies’ revenue;
increases brand loyalty;
creates consistency throughout channels (emails, social media, mobile phones, etc.)
However, companies are facing challenges with these rules. They are in fact increasingly stringent regarding the control over clients’ data and their consent to the collection and disclosure of personal information.
GDPR : What should we know?
The GDPR aims to better regulate the collection and management of personal data of people residing in the European Union, to protect them and grant them more rights. A business found to be in violation of this regulation runs the risk of paying a fine of up to 20 million euros or 4 % of its worldwide profits, whichever is greater. Moreover, because of its extraterritorial reach, the GDPR does not only affect companies in the European Union, but any company in the world that could process or access data on its residents. Indeed, the scope of the application of the GDPR is very broad. This regulation lays down principles such as:
ensuring informed consent of individuals for the collection and processing of their personal data;
evidence of consent;
the guarantee of the conservation of data by companies only during the necessary period, the right of access to this data granted to the concerned individuals, the modification of incorrect data, its restitution until the erasure at the request of said individuals, the latter thus constituting the “right to oblivion”.
This new regulation has caused some confusion among corporate executives. Still, many of them see this as an opportunity to increase consumer confidence; the key to success!
Conducted collaboratively with the Legal Department