GDPR - One Month On

Andrew
Whiteley
|
Posted on
June 25, 2018

The new GDPR went live on 25th May and prior to that date was the cause of sheer panic, confusion and not to mention the subject of copious amount of (some rather hilarious) memes on social media.Small businesses (and some large) took the (in some cases) ill-advised decision to email their databases to ask them to re-opt in only to find that about 10% did. Some then completely panicked and emailed all their customers to say that they shouldn’t have asked them to re-opt-in, but to let them know that privacy policies had been updated and they would actually NOT be unsubscribing them. All very confusing if you are a consumer and frankly after four weeks… old news.

Let’s Kick This Off With Some Stats….

We’ve been rolling out our new Customer Preference Centre over the last few weeks and are pleased to share some stats to date:From the total sent emails (since 25th May 2018)

  • 0.18% of customers accessed the Customer Preference Centre (they do this by being sent a code)
  • 0.09% of customers updated their information
  • 0.07% of customers deleted their information
  • 0.0007% of customers objected to the processing of their data
  • 0.0002% of customers requested an export of their data

Airship Upgrades

So what have we done about it? Airship’s foundations are rooted in data and we’ve been working hard to bring everything we do in line with the new regulations. And what’s more, we’ve created amazing tools to help you do the same - let us talk you through it.

Collecting Consent

One of the most talked about aspects of the GDPR is the need to store more specific consent given by a data subject. Opt ins are gone, consent is here. We’ve spruced up our systems so that they can handle whatever types of consent you need to store, as well as accepting the old opt ins for a smooth transition. You should be thinking about how you collect this consent throughout the customer data engagement.

Our GDPR Compliant API

This is now live and available at www.airship.co.uk in the Developers section, SOAP API V3. Our SOAP API allows our clients to build out applications and integration with their CRM accounts. It’s a public API so if you’re that way inclined, give it a click.

How Customers Access Their Data

We’ve built a Customer Preference Centre tool that allows customers to view, amend, export and delete their data and consents in an easy, secure way.

Data Preference Update Authentication

Customers who wish to update their data preferences can be automatically sent a two-factor authentication. They will receive an email requesting confirmation of their email address and then an access code via SMS to enable confirmation of their updates.

Automating Requests From Data Subjects

When data subjects make a request, you need to make sure that their request is actioned across all of your processors e.g. Internal party booking system. Our web team are working on ways that this can be automated by developing our API calls to make this possible.

Logging Every Interaction

The GDPR means you’ll need to log every interaction with someone’s data - by them, us or you. We’ve developed a system that does exactly that so the information is there should you need it.

Better Search Tools

We can already do great things with your data, but we are in the process of updating our targeting tools to accept more granular consent. Once your data is passing via the GDPR compliant APIs it will be marked as such in our system. This will then allow you so see the GDPR data separately within your search. Data gathered prior to the GDPR will also be visible and of course, you can use that too as long as you are happy that those customers opted in previously.

What’s Next?

Well frankly, it's been a bit of a damp squib so far, the furore in the run-up has died down and while companies are no doubt better educated about their data and the security of their data processors it will be interesting to see if they continue to be over time... The next milestone will surely be a breach, or the ICO taking action against a company who has failed in some way to protect customer data or who is using data inappropriately, It's really a case of watch this space….