D-Day for GDPR

The General Data Protection Regulation (GDPR) feels like it’s been a long time coming. First put forward in 2012, we’ve been writing about it on Research Live and in Impact magazine in earnest since the back end of 2015.

There was the brief Brexit blip, but when it was instantly clear that in or out of the EU, any company wanting to do business with Europe would still need to comply, it was full steam ahead.

Or was it? I’m sure your email inboxes have been as full as mine over the last few days with increasingly desperate requests to update your preferences. Talk about leaving it to the last minute.

And for every work or personal email requesting me to opt in to future communications or telling me about their updated privacy policy, there have been an equivalent number of press releases on GDPR coming to our news desk.  

We’ve written a fair few GDPR stories, especially about the readiness of business for the new regulation, but our enthusiasm has wilted as we have edged closer to today and news releases or surveys have become increasingly tenuous.

In the flurry of last minute email activity – and as irritation mounts for the receivers and panic rises among the senders – it’s easy to forget the essence of this regulation. People now have more control over their data and this is a good thing. They might not know the intricacies of the regulation but – helped along with the Facebook and Cambridge Analytica scandal among other things – they are now much more aware of how their data is being used.

For businesses, it means better data management and protocols and it obviously has ramifications for agencies and clients involved in market research. The Market Research Society has created extensive support material and its director of policy and standards, Dr Michelle Goddard, has written a number of columns in Impact on the subject. What Michelle doesn’t know about GDPR isn’t worth knowing!

She says: “Welcome the fact that both the GDPR and the UK Data Protection Act 2018 take full effect today. It’s a great opportunity for privacy-centric research organisations to deliver innovation and better services in the digital future. Compliance will be a journey requiring ongoing review and continual adaptation to privacy risks – especially in emerging and new technologies – and above all committing to respecting personal data.”

And while many companies have been obsessing over compliance, they may be losing sight of the opportunities that GDPR offers. Research from Capgemini found that 39% of people said they had bought more products from firms that they were sure protected their personal data and 40% have transacted more frequently with those firms. 

Louise Byers, head of risk and governance at the Information Commissioner’s Office (ICO), pointed to three things that would set companies apart as data protection leaders: good records management – know what you have and why you have it; secure senior buy-in with clear roles and responsibilities; and clear and strong internal and external communications.

GDPR is here, and it’s here to stay, so let’s give a warm welcome to better standards all round.

For further advice, visit https://www.mrs.org.uk/standards/gdprsupport