GDPR prompted a seismic shift in the way businesses handle data, and the aftershocks are still being felt today. Businesses must steady themselves amid these aftershocks and ready themselves for something on the horizon that will further affect their data handling – Brexit. Currently scheduled to take place on 29th March 2019, the UK’s withdrawal from the EU is set to cause yet more headaches for companies’ data handling and compliance.
The terms and conditions of Brexit are changing on an almost daily basis, and within this context the Government has been unable to provide clear solutions to businesses on how to ready themselves.
The only certainty at the moment is uncertainty, set in the context of most businesses having no idea where they stand when it comes to legal changes around data flows between the UK and EU. Additional question marks remain over the UK’s status following Brexit in the event of a no-deal scenario. Furthermore, the UK’s relationship with international data laws extending beyond the EU is also unclear following Brexit.
One thing businesses do know though, is they need to be prepared for any change in these data laws. How can businesses ready themselves?
First and foremost, businesses must be clear on exactly where they keep data, and be ready to re-permission it if required. Pre-GDPR, UK companies didn’t traditionally differentiate between EU and UK customers. There will now be a scenario where businesses need to handle these customers differently, with differing consent controls. In addition, data use will need to be tracked at a country level as, despite GDPR being an EU-wide initiative, each local jurisdiction can interpret it slightly differently.
Companies must also consider where their data is stored and how this might need to change after Brexit. Large businesses may have to restructure their data and compliance teams into different units, based on where their customers are based and how their company is structured. This is likely to involve huge upheaval for businesses – for compliance, data protection and marketing departments in particular. Already, we’ve seen a notable number of businesses restructuring their legal entities as Brexit approaches.
Flexible infrastructure will be key, and in particular data handling infrastructure which can deal with different legal outcomes linked to Brexit. This is especially true for industries such as retail, finance, insurance, and any other industry which relies heavily on using consumer data for marketing. Many businesses operating within these industries could see their customer base split in two, and will therefore be required to change data operations to avoid losing their most valuable asset.
Of course businesses also need to consider that customers can change location too, which means a change in their jurisdiction. Whatever solutions businesses adopt, they must be able to address both national and international aspects of handling data.
The companies that succeed in a post-Brexit world will be those which offer this flexibility in a transparent way and, in doing so, retain consumer trust to protect and grow their reputation and bottom line.
To find out how you can ready your business for GDPR post-Brexit, request a demo with Trunomi today.
We all know how valuable customer data is. Take online retail as a classic case study. From analysing customer behaviour to reduce churn, to increasing conversion rates through targeted promotions, data can be worth its weight in gold in this sector. But high profile data breaches and scandals mean that now, more than ever, businesses need to make determined and deliberate efforts to secure their customers’ trust. Compliance with regulations like GDPR is obviously a core part of this, but compliance is just a minimum.
Businesses need to go above and beyond to maintain access to their most valuable asset – data. One big risk they simply cannot afford to ignore is ‘consent fatigue.’
Following the deluge of consent requests around the GDPR deadline earlier this year, it’s easy to see why consumers are frustrated. Many organisations, in a bid to ensure compliance, ask their customers for consent multiple times, across a number of different customer touchpoints. A recent study showed that 72% of consumers felt annoyed about the number of times they have to accept cookies to access content.
In most industries, attracting new customers is more expensive than retaining current ones. This is particularly true of online retail, where a seamless customer experience is crucial to that loyalty. If retailers keep bombarding returning customers with consent requests at each stage of their journey, frustration will continue to build – until you risk losing their business to your competitors.
Understanding the consent you have from customers is critical in order to avoid having to ask again and again. This is where good data consent management platforms are crucial. In the face of continuous regulatory change, consent management platforms allow retailers to create trusting relationships with their customers, powering the sharing of personal information that benefits both parties. Lawfully and automatically requesting and consolidating consent in a centralised, secure and immutable record can create a seamless experience for the customer, whilst easily demonstrating compliance accountability for the business.
Consent is not a one-off, tick box event; it is an ongoing and dynamic relationship that all businesses, regardless of sector, should prepare for. As we approach the busiest time of the year for retailers they must get their house in order to not lose their most valuable asset. By having a strong consent management platform in place, retailers can ensure the experience for the customer is as seamless as possible. To find out how a consent and data rights management platform can benefit your business, request a demo with Trunomi today.
It is approaching 6 months since The GDPR came into force. While many industries are still adapting to the changes, one thing has rung out clear: Industry leaders want to get this right. They don’t just want to be compliant, they want to do the right thing by their customers, consumers and users. GDPR isn’t just a compliance issue, it is a brand issue. How data is handled and the interactions with users around consent and data rights are all part of the brand experience.
With that in mind, in the latest release of the Trunomi Platform we have added a number of additional enhancements. The consent widgets have always been ‘brandable’ so that they provide a consistent user experience, and so that it is clear who users are interacting with. Your customers want to interact with you, they don’t want to be directed to a third party site or app with a logo they don’t recognise. We have taken this a step further, making it even easier to quickly customise the branding and look and feel of the consent and preference centre widgets. This means that an admin can have a sub brand or campaign specific look and feel set up in just a few clicks. We even provide the ability for an admin to preview the new widget. No need to involve developers, or get caught up in complex workflows. The widgets and preference centre deliver the same user experience across all touch points and campaigns, maximising usability and building trust. You can even add your company logo to the TruCerts issued by the platform.
Trunomi allows any business, regardless of size, to provide a seamless user experience that is consistent with the company’s brand, and delivers on the requirement to provide full data rights to users, in a clear and consistent way. By using the Trunomi Platform to record the legal basis for processing data, DPOs and CMOs can ensure that users have a portal that clearly lays out what data the company is holding and how it is used, and that enables the data subjects to exercise their rights. We have updated the preferences centre to put the information customers need front and centre, presented in a clear, easily intelligible way, in line with the guidance in the GDPR. As always, users can see any Requests they have in progress, and the DPO can get an overview of those requests in the main dashboard.
Despite media focus, GDPR isn’t just about consent. There is a range of legal bases to be managed, and the newly enhanced preference centre makes it clear, in a highly accessible manner, what data is being processed and why (the purpose), and what rights the user has. They can now update their preferences simply with a single click, making it faster to update consents, or to object where they might have concerns. This level of transparency and control ensures that brands can build and maintain the level of trust they need to deeply engage with their users.
As well as the enhancements to our widgets and preference centre, we have added a number of new integrations which enable seamless integration with marketing automation platforms. Standard connectors now include Salesforce, Mailchimp and Marketo, covering CRM, email list management and marketing automation platforms. For a complete features list and pricing bands see our pricing here. You can see the latest updates for yourself by requesting a demo, or by signing up for a trial.
Meet Harris! Harris Georgakakis joined Trunomi in August 2017 and was made Lead Developer in August 2018. Originally from Greece he studied Software Engineering at The University of Glasgow. He leads the development and QA of our technology in an agile process and is also Trunomi’s ‘Gym Club’ captain and protein shake enthusiast!
Why did you decide to start working in Fintech / RegTech / startups?
Nowadays as a technologist Fintech is the industry to work in. There is a big need for advanced and modern solutions which makes my everyday work both interesting and challenging at the same time.
What’s been the toughest challenge in working at Trunomi or tech start ups in general?
A known problem with tech startups is the limited number of human resources which leads to dealing with tasks that you normally wouldn’t. However it turned out to be a positive experience for me and I’ve learned some useful new skills.
What’s your favourite part about Trunomi’s technology?
React State Management with MobX - JS Monthly - March 2018 - YouTube
Tell us one thing about you that surprises people?
I have been to 37 countries around the globe.
What are your ambitions for the future?
I want to start my own tech solution or consultancy firm.
Finally, where can we find you on the weekend?
If not in a plane traveling somewhere then probably at home resting and planning the next trip.
We are thrilled to introduce you to our newest director, Alexa Mackenzie. Alexa joined the sales team in July 2017 and was made Director of Partnership Development in June 2018. She’s a graduate of Exeter University, has a masters in Art Business from Sotheby’s Institute and previously worked in art auction tech. When she’s not leading Trunomi’s vast partner network she’s the office socialite, restaurant critic, caricaturist and ‘joke of the day’ author.
Why did you decide to start working in Fintech / RegTech / startups?
Probably the seriously smart people it attracts – so whatever attracted those amazing people I guess inadvertently attracted me! There are so many opportunities for growth, innovation and finding efficiencies in the status quo.
What’s been the toughest lesson you’ve learnt about working in sales / tech startups?
In tech startup sales, it’s often the slow rate at which the big ticket stuff happens. Even though you know sales cycles can be long, you feel as if you have to mentally prepare yourself for that many times over. On the plus side though you appreciate the small ones that matter most.
Also, unless you’ve studied computer science and infrastructure for your whole life, it’s hard to know everything…so realising I won’t always need to understand everything around core banking was a relief!
What’s the best part about working for Trunomi?
The space we’re in (data privacy) is so increasingly relevant and will be for a long time – so feeling so in demand is amazing.
Tell us one thing about you that surprises people?
I once came 7th in an Iron Man Kids
What are your ambitions for the future?
I want to see Trunomi through serious growth and handle scaling; and I always want to be learning new things across different industries
Finally, where can we find you on the weekend?
This weekend probably at a seaside arcade/bingo hall
This month British Airways bosses are apologising to their customers for a ‘sophisticated, malicious, criminal attack’ on its website, app and ‘security systems’ which has left 380,000 customer records compromised. They’ve done all the ‘right’ things in response to the incident – they’ve apologised, they’re contacting customers and promising compensation for the stolen data, and they’ve informed the UK Information Commissioner’s Office, who are now ‘making enquiries.’ As the first high profile, large scale breach under GDPR, British Airways could be facing a maximum fine of £500Million – 4% of its total revenue of £12.2billion. Possible penalties, enforcement and lowered share price aside – what is the true cost of such a breach?
The focus of the breach isn’t actually the business itself. It isn’t the financial or operational data, nor its products and services data. Not even the business’ own bank data. The focus is always customer data: our email addresses, our phone numbers and our credit card details. It truly is personal.
We trusted British Airways with our sensitive data, and it’s been stolen. Imagine giving your credit card to a trusted friend to look after and finding they’ve lost it? You’re not likely to ask them again, nor are they likely to remain ‘trusted’.
Fundamentally it’s a breach of customer trust – resulting in a loss of business reputation, loss of competitive advantage and ultimately, revenue. Trust and confidence cannot be compensated, or easily bought back. Some have tried – see Facebook’s recent privacy and ‘data use’ campaign promises to protect our privacy – but as consumers are we actually given access to the data privacy and permissions?
British Airways was not an isolated incident – Uber, Wonga, Experian, HSBC – data breaches are an inevitable by-product of our dependence on technology and out-dated infrastructure. The abilities of malicious actors and hackers will evolve beyond (or at least, at) the rate of organisations’ ability to secure and protect data. Which is why the GDPR recognises you cannot have true data protection without data privacy – and a fundamental piece of privacy by design is putting the customer in control of their data.
So – how to rebuild trust? Get the customer involved, ASAP.
Ultimately, we need the products and services that businesses offer and businesses have collected our data in pursuit of offering the services that we need. By getting us, the customer, to engage actively in the data collection processes and have transparent visibility of the data held, and why it’s being used – you’re building trust and accountability. As a business you can be fully transparent by showing us exactly what permission you have over our data, why you have it, for how long and even where it is stored. This accountability should be demonstrated not just at the point of collection but for the entire lifecycle of customer engagement and across all customer touch-points. Make customer consent a standard, seamless and ongoing part of the customer journey.
Trunomi’s patented consent and data rights technology makes it easy to show customers the value you as a business place on their data. Consent and data rights delivered properly will make it easier for customers to give permission (or not) and for businesses to comply with data protection and privacy regulation. With Trunomi businesses can take a pro-active approach to customer data – don’t just wait for a breach to start building trust. Speak to Trunomi today. www.trunomi.com
Three reasons why CIOs are outsourcing the customer data headache
The Financial Services industry is undergoing another major transformation, underpinned by Open Banking and PSD2. Together these directives aim to give customers more control over their financial data and to open up the banking landscape to new and competitive third-party products and services.
Individuals can now grant third parties secure access to their bank account information and permission to make payments on their behalf, and this is expected to result in increased competition.
Organisations now need to work harder to retain customers against the threat of other financial service providers and fintechs.
Organisations that rise to the challenge and use Open Banking to their advantage will succeed by:
Taking the opportunity to transform their data strategy
Putting in place customer transparency and control
Building trust and loyalty.
With data strategy at the heart of securing competitive advantage, CIOs are increasingly responsible for corporate reputation and customer trust. Organisations need proof of consent from the end user to transfer data to third parties, with the risk firmly lying with the organisation as the ultimate data controller. There can no longer be ambiguity around consumer consent, or opaqueness around how data is being handled or for what purpose it is being used.
CIOs are therefore turning to consent management platforms that can solve consent on a global, multi-channel scale in order to be confident of the legal basis to use and share this data.
To demonstrate to their customers that their data is in safe hands, CIOs are increasingly embedding personal data sharing controls seamlessly into existing and pre-authenticated customer touchpoints. This gives customers the gift of choice, allowing them to change, rectify and revoke their consent at ease.
It unlocks the power of data at the lowest risk to both customers and banks.
Organisations that are not compliant are in danger of losing credibility and consumer trust overnight. In this context, it is unthinkable for a forward thinking organisation not to make every effort to reduce corporate risk and eliminate liability when it comes to both handling data and allowing third party access to it. CIOs, with their role as custodians of data, have the power to shape a company’s competitive advantage and ensure it thrives in the new disruptive landscape.
Marketers, beware of losing your biggest asset because of GDPR non-compliance
The General Data Protection Regulation (GDPR) which came into force in May has completely overhauled business process around data handling. At its core, the regulation has introduced the key principles of data privacy by design and default, handing power back to the consumer. It marks a seismic shift in consent management, and also marks the first time that legislation has attempted to keep up with technological advancements. These regulatory obligations will be felt across all departments, including customer service, IT and security, but perhaps most importantly, marketing. Data is the lifeline of marketers, and no longer being able to communicate with consumers could cause damage to growth. A solution is required that empowers the organisation to still capture data and has the transparency that enables the customer to take control of their personal information.
It is fair to say that the dust has by no means settled, and companies can expect revisions, refinements and updates on a regular basis, making the difficult task of consent management even harder.
For data privacy to still exist in the age of data capitalism, GDPR was necessary to give the consumer back control of how their data is used and monetised. Thanks to the regulation, consumers can now access all of the information companies hold about them and understand how it is being used. They can also be sure that companies misusing their data will face very substantial fines and reputation damage.
GDPR also sets a higher standard for data consent in the first place – giving consent must be an affirmative, unambiguous action and granular for specific processing operations. There is no ‘grandfathering’ under GDPR which means that businesses will no longer be able to use their existing customer data. Silence, pre-ticked boxes or inactivity will not constitute consent for digital marketers.
Companies that get it wrong will not only be front page news for all the wrong reasons, but will suffer an irreversible lack of consumer trust. Trust which marketers have worked hard to build up over years can disappear in the short space of one transgression which falls foul of GDPR compliance.
Access to data has long formed the backbone of all marketing strategy. Data, the most valuable marketing resource available, has allowed marketers to create scalable, repeatable processes that mean campaigns can become ever more automated and targeted, delivering direct and measurable value to the business. Email marketing campaigns, for example, have allowed marketers to get a better insight of their audience at a granular level and promote their products and services accordingly through interpretation of this data.
To truly unlock the invaluable power of data, marketers must have confidence in the consent and data management platform their company is using. Safe in the knowledge they are compliant with GDPR, marketers will be able to focus on strategies which foster the best customer relationships possible and directly impact the business bottom line.
Read more about Trunomi helping to solve a GDPR marketing challenge
Unless businesses want to be on the front page, consumer trust in data privacy is essential. GDPR introduces the key principles of data privacy by design and default. Consumers and businesses are recognizing that data privacy is more than just data protection and security.
For data privacy to exist in the age of data capitalism the consumer must be at the core of that business model. Consumers must be in control and be empowered to monetize their own data. Businesses are not only racing against the GDPR compliance countdown clock – they’re also worried about their reputations – and no one wants to be the last company to care about their customer’s data rights.
The GDPR sets a higher standard for consent – it must be an affirmative, unambiguous action and granular for specific processing operations. There is no ‘grandfathering’ under GDPR and as a result businesses are very concerned that this means they will no longer be able to use their existing customer data.
There is also a new burden for demonstrating consent and keeping records of all data processing. Businesses are either remediating their databases to get the required consent, or they’re scrambling to find another legal basis.
Building customer trust
The UK Information Commissioner Elizabeth Denham said it best at the DMA Data Protection Summit in February 2018: “It seems to me that a lot of energy and effort is being spent on trying to find a way to avoid consent. That energy and effort would be much better spent establishing informed, active, unambiguous consent. You say you will lose customers. I say you will have better engagement with them and be better able to direct more targeted marketing to them. You will have complete confidence that your customers have given informed consent.”
Trunomi consent and data rights management allows businesses to automate consent, achieve GDPR compliance and provide their customers with control and transparency – to the benefit of the customer relationship.
In less than 1 year the General Data Protection Regulation (GDPR) will be enforced. If you haven’t heard by now, the GDPR will fundamentally change the way that companies capture, manage and store information and any marketing data referencing EU Citizens. The primary aim of the regulation is to protect EU Citizens’ right to privacy, give them back control over their personal data, unify privacy regulations across the European Union and increase data trust and confidence in this digital age.
However, despite the potential fines of 4% of global turnover starting in less than a year – 25 May 2018 – research indicates that many organizations are behind schedule for GDPR compliance. Recent analysis from Oliver Wyman indicates the FTSE 100 companies could face fines of up to £5 billion a year. Had GDPR been in place for the past five years, the consultancy’s analysis shows that FTSE 100 companies could owe up to £25 billion in fines to EU regulators. To put that into perspective, if we thought the recent £400k TalkTalk fine was big – that would have been £59million under GDPR. UK ICO Elizabeth Denham has warned businesses that regulators will be vigilant, and will be looking at “Accountability and data governance… not just investigating data security incidents.” What does this mean? Under GDPR a business must not just be compliant, they must demonstrate and be able to proactively prove GDPR compliance.
A recent survey from the Direct Marketing Association showed that just over half of businesses say they are on course or ahead of their plans to have their marketing data ready by 25 May 2018, with a further quarter of companies yet to even start a GDPR plan. Why are so many organizations unprepared? Uncertainty over the applicability of GDPR after Brexit may have stalled preparations in the UK. However, as our previous blog highlighted, despite Brexit, ‘GDPR means GDPR’. The UK will still be a member of the EU when the regulation is enacted, and in any event, the extraterritorial nature of GDPR means it applies to any company worldwide doing business with EU citizens. Multinationals are taking notice: a PwC pulse survey asked C-suite executives from large American multinationals about their GDPR plans and found that 77% plan to spend $1million or more on GDPR, with over half of US multinationals reporting GDPR as their top data protection priority. The facts are clear: regardless of location, GDPR must be prioritized over the next year to avoid major financial penalties.
Consent driving customer trust
According to the DMA survey, B2B marketers are the least prepared, and the biggest change they’re worried about is consent management. Under GDPR individual data rights are strengthened, with consent as the cornerstone of the customer data relationship. By enabling consumers to withhold and withdraw their consent, GDPR puts a high price on consumer trust. Organizations must review how they seek, obtain and record consent for use of marketing data and ensure consent is ‘freely given, specific, informed and unambiguous.’ Customers must know exactly what they are consenting to and give an affirmative action – silence or inactivity or pre-ticked boxes will not constitute consent.
On fines for non-compliance with GDPR consent requirements: Article 83 of the GDPR states that infringements of the basic principles of processing, ‘including conditions for consent’ can be subject to the highest level of fines (so 4% of total worldwide turnover of the preceding financial year). Marketers are particularly concerned about what new opt-out consent requirements will mean for their organizations, and that they will mean losing access to customer data.
Consent management technology solutions
My advice? Don’t fear engaging the customer and use GDPR compliance as an opportunity to engage in a trusted, transparent relationship and create new services built on two-way flows of permissioned marketing data. In this digital age, data is the fuel that powers businesses and technology companies should be involved in every stage of the process.
Technology exists that can enable businesses to evolve to this new data protection paradigm by capturing and immutably recording legal basis for processing customer data (consent or otherwise). In addition, moving to all digital processes not only improves customer experiences but it drives down costs – welcome news to businesses increasingly under pressure to watch their bottom line and compete. Active consented data is more powerful than inactive, stale-dated information and businesses that embrace technology to solve GDPR, above and beyond ticking boxes, will win over those who don’t.