A new poll from Accenture reveals that more than half of the UK adults it surveyed are not opting in to continued contact from brands.
Companies are inundating those on their subscription lists with emails or pop-up notifications seeking permission to retain their data, before the European General Data Protection Regulation (GDPR) takes effect on May 25.
Many have received 30+ emails in the last two weeks.
The poll of 2,000 UK adults suggests that, with a week to go, businesses face a potential drop-off of more than half of their subscriber base or marketing targets.
Nick Taylor, managing director at Accenture Security, said: “A lot of people, when they realise the information they’re sharing, are backing out. The brands that will be successful in obtaining this consent are those that view the GDPR ‘process’ as an opportunity to engage with people, and not as a compliance ‘tick-box’ exercise.”
Not Just a Front-End Problem
Reassuring customers is one challenge. Ensuring databases are clean and compliant is another. GDPR includes the following new rights:
The right to be forgotten: data controllers must erase all personal data without undue delay in certain circumstances, when so requested.
The right to data portability: where individuals have provided personal data to a service provider, they can require the provider to “port” the data to another provider.
The right to object to profiling: customers can object to being subject to a decision based solely on automated processing.
To make sure they are compliant with its requirements – and it represents the largest shake-up of data privacy rules in decades – companies are having to scrutinise entrenched systems and identify the location of data repositories.
Behind the Scenes…
Rob Price of Snow Software told Computer Business Review: “The majority of the focus of big organisations is on systems such as SAP, Oracle databases and middleware like Marketo and Salesforce. But these large systems often represent just a fraction of the systems that process personal data. Like an iceberg, the vast majority of applications are often effectively invisible, unconsidered by the GDPR team and include SaaS applications purchased by business units with little to no involvement by IT.”
It’s a point reiterated by Chris Mayers, the chief security architect of Citrix, who told us: “Businesses must recognise that more centralised application and data storage environments will make it easier to meet technical compliance goals.”
He added: “This centralisation can be achieved in various ways, from introducing unified access controls across on-premise and cloud services with single sign-on to rolling out centrally-managed virtual workspaces. However it is done, controlling data sprawl and recognising enterprise accountability around data privacy will be key to GDPR compliance.”