Respect for others' data - GDPR
GDPR (the General Data Protection Regulation) has made big headlines over the past few years - For the UK and Europe it is a massive overhaul of the way personal details should be handled and your right to access information about you.
Note: Other countries will have their own data laws. For example CANSPAM in the US. If you are outside of Europe, please refer to the laws relevant to your territory.
This is an additional video, hosted on YouTube.
In general, the underlying principle of GDPR is to be as transparent as possible with the people you are requesting data from. Regardless of what type of business you are, if you are asking somebody to engage with you and your goods and services, you have to let them know how you’re going to use their data, so they can make an informed decision that they’re comfortable with what you are doing. They need to give you informed consent before you use their data.
If they are giving you their data, use it properly, appropriately and honestly. Don’t collect data that you don’t need or analyse the data in a way you don’t have consent for.
“Top Tips from Tourism experts”
It may also be advisable to inform your customers of the benefits they will derive from you collecting their data, for example, if you are tracking their visit. In this example, make sure you communicate that they will get something in return.
- Working very closely with your IT provider can help you to be up to speed on the ethics of what you do.
Work with trusted data partners and look into the sector where there is massive expertise. Take legal and professional advice around the range of data principles so you don’t get distracted or panicked by the headline of GDPR around consent being king and focus on legitimate interest instead.
- Justify and document your assumptions on how and where those principles apply within what you do.
- Make sure you know who in your team is working with data and who isn’t and be strict about that separation.
- Think of it as common sense that if it was your data, how would you feel. In terms of sharing data, anonymity is about not having personal data attached to it, so strip out phone numbers and email addresses.
It may be that mailing list numbers decline slightly as you’ve given explicit option to unsubscribe - this isn’t a bad thing! Remember, the people that stay in touch are going to be much more valuable to your business, as they want to read your emails or buy tickets. They have chosen to stay engaged. Allowing your customers to unsubscribe at all times essentially then ensures that the quality of your data is maintained. This benefit might actually allow you to grow the business rather than limit you.
On a personal level, we all appreciate GDPR. For businesses, even though putting the right processes in place as a business seems like a big task, once they are in place, it becomes second nature.
See also this guide to The Privacy and Electronic Communications Regulations and how it fits alongside GDPR.
© Edinburgh Napier University