With little more than 2-months until GDPR takes effect, businesses are struggling to prepare; many unsure which actions to take and when, or simply because their heads are firmly buried in the sand. Consumers, on the other hand, are primed, ready and waiting.
According to a recent survey, by the UK’s leading independent media agency the7stars, 34% of British consumers said they plan to exercise their “right to be forgotten” (officially known as the right to erasure) when GDPR goes live on May 25.
The right to erasure is actioned with an explicit request to delete personal data where there is no compelling reason for continued processing. Consumers pursuing this path are making a clear statement that they never want to be contacted and organisations must comply.
58% of respondents welcomed GDPR as a positive step towards protecting their data and privacy and 32% said that they would trust brands more after GDPR becomes law. So perhaps consumer-driven data cleansing is a good thing, ushering-in a new era in data processing. One where consumers can finally trust brands, and businesses can rely on the quality of their data.
In any case, it’s not that simple. Just because consumers ask to have their personal data erased, doesn’t mean it’ll actually happen. Businesses who demonstrate they have legitimate interest can still legally hold and process personal data. Valid reasons for processing include credit checks, risk assessments and even marketing.
The news comes as big-name brands mull over the administrative headaches that GDPR is likely to inflict. Jaguar Land Rover’s CMO Dominic Chambers said recently that the automotive business, with an eighty-year history, would find dealing with some aspects of the regulation difficult because of pre-digital business infrastructure, signalling problems for other older brands.
“Being a legacy business, we have many old systems across Europe that are difficult to talk to,” he said. “There’s going to be a manual process if someone asks to be forgotten. That’s not going to be easy – and it’s certainly not going to be automated.”
But whatever the justification, legitimate interest must be qualified – companies must inform consumers of their reasons for processing, describe how the data will be processed, and allow a clear opportunity for them to object. It’s a complex issue, and one sure to derail businesses and consumers alike, in the pursuit of contrasting end goals.
As Digital Transformation slowly permeates, and more and more companies realise that this approach, or even Digital Renovation as a start, is the right direction to take, simplifying information management and particularly GDPR compliance, then complying with the likes of right to be forgotten requests becomes simple. The Oxygen Digital Workplace is one such place that achieving compliance is achieved in a matter of clicks rather than days of frantic panic.
ISAAC create Digital Workplaces that manage everything from processes to people. The Oxygen application suite for Office 365 and SharePoint online is an intuitive, secure and scalable way to easily modernise the way you manage information, from where it is stored to how it is stored. Our approach is simple; human-centric applications, customised to suit your business, workflows and processes. Oxygen is today’s Digital Workplace, built into the Microsoft Office 365 cloud, providing a cost-effective, scalable and secure environment to manage, share and collaborate from.
You may also like: