photokina: 08.–11.05.2019

#photokina

Data protection creates new opportunities

The EU General Data Protection Regulation tightens the rules regarding the handling of personal data. Digital assistants facilitate the necessary clean-up operations in the IT systems, while also opening up new growth opportunities for medium-sized and small enterprises.

More information, new challenges: Digitalization is radically changing the communication with customers and business partners. The amount of data collected by companies is growing rapidly – in the interaction with customers in online shops and social media or through networking with suppliers or service providers. This offers enormous opportunities, especially in the B2C space: Today, medium-sized enterprises and even small companies know exactly which user bought which product when. This will allow them to make customized offers in the future. That is why personal data is considered the gold of the digital age.

However, this new treasure will soon require much better protection. Starting May 25, 2018, the EU-wide GDPR will apply. The regulation, which was officially adopted two years ago, replaces the Federation Data Protection Act. The GDPR regulates how companies must handle stored information about customers and employees – such as when it may be used and when it must be deleted. However, surveys show that many companies have started late with the preparation for the new requirements and are now lagging behind. The previously valid Federal Data Protection Act is considered strict compared to the rest of Europe. Nevertheless, even those who are well-positioned here will still have to make some digital adjustments.

Because the GDPR extends the definition of personal data. In the future, this will also include IP addresses, location data and cookies in order to analyze click behavior on websites for instance. In addition, every company whose services can be used in the EU is affected – even a US-based website falls under the new legislation. The GDPR imposes strict penalties for violations. Companies that disregard the regulations and are too careless with sensitive data risk fines of up to four percent of annual revenue in cases of serious and repeated breaches. Ignoring the new requirements or implementing them halfheartedly is risky.

Regardless of their sizes, companies will have a great deal of cleaning up to do, especially in the widely ramified IT systems in which they store the data records. The good news: Digital assistants can make this work easier – start-ups and established software companies offer many programs that help with the careful handling of information – and also open up new possibilities for its profitable use. The GDPR can lead to increased growth due to better protected data.

- No more silos: The order from the webshop goes to one database, the purchase in the store is stored in another location by the POS system and the ticket for a complaint winds up on a third server. The more data is spread across different IT systems within a company, the more difficult it becomes to keep all the directories free of errors in terms of data protection. For this reason, experts recommend creating a “single source of truth” or a “golden record.” The company stores key information such as names, addresses and bank accounts in a single database. Many established and some new CRM platforms for customer relations or ERP platforms for operational control were adapted accordingly in advance of the GDPR.

- Clean procedures: In one office, the data of past customers is filtered out at the end of the year, while another location does it once a quarter. With the GDPR, the “we’ve always done it this way” attitude is finally a thing of the past. The best way to avoid stiff penalties is to ensure proper documentation of all processes such as who is allowed to work with which data record and where the information is stored. Additional programs help in order to reduce the data sets to the necessary information depending on their intended purpose – or to anonymize them if they are passed on within the company. For example, the service team does not necessarily have to see a customer’s payment history to provide assistance. Deletion wizards ensure the permanent removal of any residual data from the servers whenever the customer chooses – or the contractual relationship ends.

- Clear messages: More data can mean more sales if the customer allows the company to use their information. Whether personalized newsletters, more personal treatment on the telephone or the individual recommendation of suitable offers: All this is welcomed by customers. Numerous tools allow linking customer information in a meaningful way. The GDPR offers new opportunities for this. Companies need to explain this to users in a concise, transparent way, followed by targeted attempts to have them opt in for individual services.

Links:

Legal Text GDPR

Guidelines of the German Association for IT, Telecommunications and New Media (Bitkom)