So 25 May has passed. The world hasn’t ended following GDPR going live. But what next?
by John-Paul Danon
Well that was intense! 6 months of preparing for GDPR. Uncertainty followed by complexity followed by varied opinions resulting in feverish activity.
Here is a distillation of where we are, what we did, what we learned, and, and as the clouds are clearing, what we think the future looks like:
Where we are…
- Data protection is now on everyone's risk register - this is a good thing
- There are many unanswered questions and this will remain the case in the short term at least
- May 25th was an important line in the sand, now we can all start building and doing good things with every citizen in control of their data.
Here is what we (CAN) have done in the last 6 months…
- Gone through every contract and agreement with every tech provider we use to ensure we only work with solid organisations.
- Created a simple internal set of principles that staff can easily understand and work with
- Assessed various GDPR solutions in the market and resolved to developing a tool for the public sector - compliance, transparency, future proofed
- Found the answers to hundreds of questions around audience data and advertising technology
- Performed an audience and ad tech audit of over 160 council websites
Here is what we have concluded…
- GDPR clarifies that control of personal data belongs to the individual, so organisations need to facilitate control and transparency. This is good for people and healthy for organisations
- People think organisations holding their data is creepy: ‘If they know this about me, what else do they know?’. The Regulation gives good organisations incentive to let people see and control their data. This could start to reduce the creepiness.
- The Regulation was designed 7 years ago and, while good in spirit, it does not cover everything that is being done with data now. Hence working towards the values of the Regulation rather than just compliance.
- Some public sector organisations are doing lots with audience data, others are doing virtually nothing.
- An unintended consequence of the Regulation is that people are bored of hearing about it and may not use their newly acquired powers - we need to distil simple messages and be committed to educating and informing constantly.
So where’s the sunshine?
Whilst the additional workload was un-wished for, the process has been very healthy, a bit like spring-cleaning. The impact of the Regulation is to create a safe environment for people to share their data with organisations and has cleared away many of the questions/concerns that might have stopped us using data for good purpose.
We are forming a group of public sector comms, tech people and interested parties to develop a platform for public sector that handles consent, control and transparency, enables data sharing and measures outcomes. The working title is govCDMP (yes, this needs an improved name). Let me know if you would like to join the group.
We are going to test if we can unlock your audience data, and combine it with other data sets as tools, for
- campaigns: reduce wastage, reduce cost and increase measurable outcomes
- web teams: manage demand and accelerate adoption of digital services
- residents: do all of the above in a way they are totally comfortable with
GDPR has given us the environment to start building. If you want to see how it goes forward follow us at @counciladnet
John-Paul Danon is sales director at the Council Advertising Network
image via USMC Archive