Monday 28 November 2016 7:00 am

Businesses need to refine their data as the countdown to GDPR begins

City A.M.'s interviewer and feature writer. Focus on media, marketing and data.

City A.M.'s interviewer and feature writer. Focus on media, marketing and data.

The way businesses harness data is invariably compared to the extraction of valuable minerals: a gold rush, or data mining.

But it’s more like oil, in that, as the new EU General Data Protection Regulations (GDPR) approach, the way we use data needs refining if it’s going to be of continued value.

With loyalty and postcode data, marketers tapped into a steady, yet rich, natural resource of consumer information. But with the ubiquity of digital presence, the always-on consumer and the internet of things revolution, marketers have become more like frackers; injecting liquid at high pressure into the depths of our digital lives to force open new fissures and extract precious data.

Not just marketers and data houses, but businesses of all descriptions, hold masses of consumer data. GDPR raises questions about the fundamental necessity of doing so.

One of the primary components of GDPR is business consent of both possession and use of personal data. The EU’s supra-continental regulations approach consent far more restrictively than the Data Protection Act. In particular, it seeks to ensure that consent is specific to distinct purposes of processing. Essentially, if you want to hold it, you need a good reason, and to inform consumers exactly why.

As new research from Aimia shows, consumers are becoming increasingly aware of the value of their personal data – 41 per cent consider it to be “highly valuable;” a rise of 12 per cent in just two years. They want something in return.

Unlike the EU’s Cookie Consent law, in which you can merely click “OK,” or imply consent through continued use, GDPR calls for “clear affirmative action”. In fact, it specifies that “silence, pre-ticked boxes or inactivity should therefore not constitute consent”. Consumers, visitors to your website – even employees – must agree to hyper-specific reasoning for you holding or processing their data.

Businesses need to start asking questions about the necessity of data which they hold. Next year, opposition from paranoid privacy hacks is likely to garner media attention, and consumers will become increasingly aware of their data trail, and the value it holds. Are they likely to agree to you holding record of their every movement, browsing history, or what they had for lunch?

The data/ value exchange is more important than ever. Businesses need to refine their caches, strip down unnecessary historic data; prioritise what is useful, abandon what is not. Ask yourself why you need it. Inactive customers on your mail list? Delete. Former employees details? Delete. Anything that isn’t totally necessary to the integrity of your business should be deleted. If you don’t, your business faces a fine of either €20m or 4 per cent of group global turnover – whichever is higher. And no-one wants to give the EU any more money.

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.