On 24th May 2016 new EU legislation (General Data Protection Regulation-GDPR) became effective which requests companies and organisations to handle personal data radically differently. Mark Lomas of Cap Gemini: “We regard GDPR as the biggest legal change of the digital age”.

What does it mean?

The GDPR rules became effective on 24th May 2016. Companies, governments and other organisations have time to adapt their processes and procedures until 25th May, 2018, after which the rules will be applied by the supervising authorities. Who fails to comply to these GDPR rules by that time not only risk a heavy fine (administrative fines up to € 20.000.000, or in the case of a business undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher) but also negative publicity, loss of credibility and trust.

However, who actively embraces the GDPR regulation, will stand out, have a chance for renewed customer intimacy, be associated with ease-of-use for the customer and be able to reduce costs at the same time.

Whilst the authorities will enforce the new GDPR rules from 25 May 2018 onwards with fines, individuals can already now rely on the new rules in civil procedures. Thus there is an urgent need to act.

The compliance burden may be extensive. However, the value created by an higher customer engagement and reduced data maintenance costs will most likely be a solid return on any CMR investement. The customer’s personal data rights can be summarized as follows.

You should obtain permission to use personal data and make sure that customers understand what is happening to their data

Your customers have the right to object at any time to processing of personal data for marketing purposes

Your customers have the ‘right to be forgotten’, to be deleted from your databases when they request it

Your customers have the right to transfer their personal data from one platform to another

Your customers should have access to the personal data you have collected about them