General Data Protection Regulation aka GDPR is an initiative of the European Union (EU) in order to protect the data of its citizens. It was officially enforced on 25th of May 2018 and applies for all organizations that handle data of EU citizens.
Some of the key point of this regulation are the following:
- It applies worldwide for any organization that collects or process data of any individual EU citizen.
- If you are collecting individual’s data, he has the right to know it and also the right to rectify and erase it.
- Consent must be given and not assumed. Individuals must be able to withdraw consent any time.
- Possible data breaches must be reported not only to authorities but also to the affected individuals in no more than 72 hours.
It is a regulation, that means it is legally binding and companies can’t opt out. No compliance with the policies can lead to fines up to 20 million euros or 4% of annual turnover (whichever is greater).
It applies for a wide range of individual’s data like political opinions, browser cookies and racial origin.
It is natural that Market Intelligence has been affected by the implementation of these regulations. To understand the impact of GDPR on Market Intelligence, we need to explain how each of its six principles affect MI:
- data minimization
- storage limitations (data retention)
- lawfulness, fairness, transparency
- integrity and confidentiality
- purpose limitations
We will examine those principles, starting from those that affect MI the most.
Data minimization: as it name states out, data minimization is about making sure that companies will use the minimum amount of information required to fulfill a purpose. We immediately notice how this goes against the main goals of MI. MI is designed to supply its users with the maximum amount of useful and relevant information. This data is immediately used but also stored in databases for the future. GDPR limits the amount of data you can hold, to only those that are necessary for your business processes.
Storage limitations (data retention): New GDPR rules dictates that data controllers must ensure that data is only going to be stored for a limited amount of time. In relation to MI, this means that any data stored must come with a specific retention period after which they will be deleted. On top of that personally identifiable information (aka PII) should be anonymized. The majority of companies with MI systems gather data over the years without deleting them, since it is can improve their analysis. So far, data was gathered and stored, even though they were not actually needed at that time. Now, this is no longer allowed. Companies need to have a clear purpose for storing and processing individual’s information. In the future, it is possible that MI solutions will be evolved enough to automatically manage and delete personal data.
Accuracy: Accuracy was always considered to be of great importance for an MI solution. It was a characteristic that intelligence professionals were striving to incorporate in MI solution. With the new GDPR regulations, this feature became mandatory for personal data. In order to comply, companies need to verify the source, validate the obtained data and also make the necessary changes throughout the process when needed.
Purpose limitations: is about ensuring that the company will use the obtained data only the for the purpose they have stated, which has to be explicit and legitimate.
Integrity and confidentiality: includes three key areas (rest, transit, breach) during which data should be kept safe.
Lawfulness, fairness and transparency: refer to the rights that individuals and includes the following: right to rectification, right to be informed – to access – to erasure – to object – to restrict processing, right to data portability and rights related to automated decision making.
GDPR regulations aim is to decrease the quantity of data, but in the same time increase the quality and built consumer trust, which will lead to deeper and stronger consumer relationships.
The new GDPR regulations might seem complex but we need to keep in mind that we should not consider them as the end of data gathering and processing, but as a new beginning. Those regulations will surely change as well as Market Intelligence will evolve. Together with the development of technologies such as artificial intelligence and machine learning a new era will arrive for MI and also for GDPR.