Guest Blog: Rob Pryce, Xtremepush

/ 16th November 2020 /
Darren O'Loughlin

The pandemic created an urgent need and opportunity for online operations. But, in the haste to expand e-commerce, or even trade online from scratch, Irish companies risk failing to meet their legal obligations.

Although introduced in 2018, GDPR remains uncertain territory for many organisations, not just SMEs. We like to think we’re digitally savvy and consumer conscious, but in reality, according to the national Data Protection Commission, in 2019 Ireland had the second-most reported data breaches per capita in the EU.

A common pitfall is where businesses and employees misunderstand what constitutes ‘personal data’, despite handling a lot of it. We’re talking customers’ names, home addresses, email, contact numbers and so on. Collecting and storing this information for any length of time makes you a ‘data processor’. And then there’s ‘behavioural data’ too, such as which of your website pages customers visited and the device they used to do so.

 


Xtremepush is a global customer engagement business; we manage data platforms and personalisation for business operators in most enterprise verticals. While our primary focus is to help businesses exploit and manage their very valuable customer data, a close second is the concern over growing evidence of GDPR breaches.

You must collect first-party consumer data openly and ethically. Sales and marketing teams can only reach out to individuals who have consented to contact, knowingly. You can’t dupe them into it – no pre-ticked boxes – and you must record and prove consent. Check and double-check for the correct cookie consent banners on your website.

If any or all of the above is unclear, here’s what to do:

  1. Familiarise yourself with GDPR requirements now. A tiresome job, but the sting of a large fine for a breach is worse. The DPC has a fantastic site outlining what’s needed: https://www.dataprotection.ie/en/dpc-guidance
  2. Develop a GDPR policy for your business. It needn’t be complicated, but should cover the different types of customer data your business collects, where it’s stored, who in your business has access to it, and how you use it.
  3. Ensure the data is accessible. If someone wants to see what data you have stored on them, you are obliged to tell them. And, if they want you to edit or delete it, you must do so. The golden rule: it’s their data, not yours!
  4. Be upfront and honest. The old adage ‘seek forgiveness, not permission’ does not apply online! Make sure the customer knows exactly what you collect, and what you’re using data for, before you collect it.
  5. Provide an opt-out option in every message you send. This is usually facilitated at a provider level, but it’s still your responsibility to ensure it’s in place.

And the ‘definitely do nots’!

  1. Don’t assume you’re exempt from GDPR because you’re a small company. No company is exempt from GDPR entirely, no matter how many employees or how small your turnover. There are some limited exceptions for businesses with under 250 employees, but if you regularly handle customer information, you aren’t on that list.
  2. Don’t assume you can market to anyone in your online address book. Having an email address doesn’t mean you can send a promotional message. You may get someone’s email to fulfil an order or send a receipt, but unless the customer has clearly ‘opted-in’ to promotional messages, you can’t send them. There are grey areas, like the definition of ‘legitimate interest’, but it’s best to be cautious.

The above is sound advice, but does not constitute legal guidance. If you are unsure about your legal obligations and ability to meet them, engage a dedicated GDPR compliance adviser.

+ Rob Pryce (pictured) is Chief Revenue Officer at Xtremepush
