A Tech.mt Perspective on GDPR & Consent Management
GDPR permanently changed the way businesses, collect, store, and use customer data. Consent management is a key issue in the GDPR. The GDPR definition of proper or valid consent is very clear and leaves a clear responsibility on the shoulders of website owners and operators.
Consent is one of the six legal bases outlined in Article 6 of the GDPR.
Businesses must identify the legal basis for their data processing. As Google learned recently with a €50 million punishment, cutting costs is not an option when it comes to consent management. French Data Protection Authorities said the company’s version of obtaining consent was neither “informed” nor “unambiguous” and “specific.”
The impact of GDPR on customer engagement
The prerequisites for gaining consent are more stringent under GDPR standards because the individual must have the right to withdraw consent at any time. There is a presumption that consent will not be valid unless separate consents are obtained for distinct processing activities.
GDPR has affected many things for businesses, such as how sales teams’ prospects and marketing efforts are conducted. Companies have assessed their business processes, software, and forms to comply with double opt-in requirements and email marketing best practices.
Prospects must fill out a form or check a box to sign up for. It must be just as simple to withdraw consent as it is to obtain it. This implies that the process of withdrawing consent should be a simple one-step procedure. Individuals should be allowed to withdraw their consent in the same way that they gave it, if practicable.
Organizations must demonstrate that consensus was agreed upon if an individual denies and objects to receiving communication after giving the consent. This implies that any data stored must have a time-stamped audit trail and reporting information detailing what the contact opted into and how.
Furthermore, for each contact (person), organizations can digitally record consent, specify and state the legal reason for holding the data, save the source from which the user consent was obtained (e.g., a webform), and record when and who changed the data.
Are companies applying consent management or are they taking action when caught with infringement?
In 2020, a study by TrustArc identified that on average, 53% of US, UK and European countries are just now commencing implementation of GDPR compliant procedures, even though GDPR regulations came into effect in May 2018.
Organizations are constantly forced to meet ever-increasing security and privacy obligations. Specifically, global corporations find it difficult to comply with EU regulations that prohibit them from using a “one-size-fits-all” privacy technique.
In 2018, Insider Intelligence reported that 64% of internet users worldwide believe that the leading cause of distrust in the Tech industry, is the misuse of personal data. The need for GDPR compliance and consent management is ideal to gain trust from customers and users.
Digital footprints have become so valuable that The Economist called personal data “the world’s most valuable resource ahead of oil”, because of how much it now informs the way companies communicate with their customers and how it positively impacts customer experience. On the other hand, personal data is subject to theft and misuse, prompting customers to inquire about how organizations handle and keep their personal information.
GDPR was not intended to prevent businesses from connecting with their consumers. Quite the contrary, it has resulted in an improvement in data quality, which is why the best and most resourceful marketers see the broader picture as an opportunity to delve deeper into the needs of their prospects and consumers.
In Europe, innovation and clear rules of the game are not seen as opposing but rather as complementary. We can already see how start-ups are attempting to benefit from GDPR by commercializing technologies for privacy-preserving data analytics or establishing novel types of intermediaries, such as personal information management services.
This article is part of the GDPR Considerations series.
This three-article series will delve into the progressions of the EU GDPR Framework in the technology industry. The articles will give an in-depth understanding of Tech.mt’s perspective, presented by Ms Dana Farrugia, CEO at Tech.mt, during the WEBINAR – ‘Navigating through Consent Management: GDPR Considerations,’ organised by the Malta IT Law Association on 3rd June, 2021.
Posts in Series:
- The importance of being compliant with GDPR Regulations and applying consent management
- Coming Soon
- Coming Soon