Everyone is talking about digital compliance because, from May 2018, any organization that fails to comply with the EU General Data Protection Regulation (GDPR) will face heavy fines. Designed to give all EU citizens stronger data privacy, the regulation is described by the EU as “the most important change in data privacy regulations in 20 years”.
Digital compliance has already had a significant influence on the financial services market. Operational in the EU since November 2007, the Markets in Financial Instruments Directive (MiFID) was designed to protect the investor. So far it has resulted in the four big UK banks paying $75 billion in penalties, and 20 global banks paying $235 in fines. When GDPR takes effect, however, organizations can face fines of up to €20 million or 4% of their annual global turnover, whichever is greater.
How does digital compliance affect your business?
These are the main components of the GDPR that will affect your digital channels:
- Privacy from the onset: Data privacy must be built in from the onset of the product or service. This means that data protection needs to be part of the design of systems, rather than a later addition.
- Consent: Businesses will be required to prove that they have obtained unambiguous consent before processing an individual’s Personally Identifiable Information (PII).
- Right to access: If requested, businesses must provide a free copy of the individual’s personal data in an electronic format within 30 days.
- Right to be forgotten: The “right to be forgotten” (also referred to as data erasure) entitles the individual to have the business erase their personal data and stop any further dissemination of it.
- Data Portability: An individual will have the right to request a copy of their personal data (in a usable format) and the right to transmit that data to another business.
How will businesses have to manage their data?
The implications of GDPR are far-reaching. Glassbox has written a white paper explaining how digital compliance will affect the management of your digital channels.
This is a summary of the key points:
- Businesses must keep full records of every customer session or online customer experience, and those records must be secure, date-stamped, and tamper-proof.
- Every session on a business’s website or app will need to be recorded and, if necessary, replayed to check whether it contains PII.
- Data from every digital session will have to be stored for as long as it is required.
- Businesses must be able to retrieve every session relating to a specific IP address, surname, or address immediately and without difficulty, even if the session was not completed.
- Businesses must have the capacity to find, extract, and export individual sessions if required.
- Businesses must be able to mask sensitive data so that PII is viewable only by those who need to see it.
- Data must be stored in an on-premises big data solution so that it resides securely in the data centre.
- Businesses need a free-text search capability that can find every session for an individual who wants to exercise their right to be forgotten.
At the end of the day, businesses must meet the requirements of the GDPR while also enhancing the website customer experience, reducing disputes, and improving overall regulatory digital compliance. However regulations evolve across industries, the digital customer experience will be transformed. The businesses that start changing their digital data management and customer experience optimization now will be the ones that avoid huge fines.