GDPR: more than a box-ticking exercise

Amy Soullier

How to turn GDPR into an opportunity to build trust and strengthen your customer relationships.

It’s hard to miss: from 25 May the General Data Protection Regulation (GDPR) comes into force across the EU, putting a whole range of data protection best practices into law.

GDPR will have a big impact on businesses in the tech and digital industries. You’ll need to show how you acquire, store and use your customers’ data, and make sure your customers have access to this information.

The Information Commissioner’s Office (ICO) has published an extensive guide to GDPR, which explains how organisations can ensure they’re compliant.

Building trust

Many organisations will approach GDPR as a box-ticking exercise, but the process could generate real value.

Few customers are reassured by policies framed in obscure, confusing language. Clarity and concision don’t just allow you to be understood; they also tell your reader that you take an open and honest approach to business.

The ICO points out that a good privacy notice is “key to developing trust with customers.” Yet according to the ICO’s own research, only 20% of the UK public has trust and confidence in companies and organisations storing their personal data. Better wording could make you stand out from your competitors as a firm that can be trusted.

Ben Gately, co-founder and COO of tech start-up CharlieHR, points out: “It’s not just about making sure that the privacy policy is legally worded to an appropriate standard, it’s also about making sure that it’s understandable…

“There’s a big theme in GDPR around wording things so that the consumer, the user can understand it, so we’re spending a lot of time doing summaries of some of our policies so that anyone can understand them.”

A good privacy notice

Privacy notices can be lengthy, complicated documents, often hidden in terms and conditions. But, according to the ICO, this won’t do: GDPR places “an emphasis on making privacy notices understandable.” In fact, your privacy notice will need to be:

  • concise, transparent, intelligible and easily accessible;
  • written in clear and plain language, particularly if addressed to a child.

The guidelines say your privacy notice should be written in a style that your audience will find easy to understand, avoiding confusing wording or legal language, and be aligned with your organisation’s values and principles.

Poor privacy notices may contain complex language, not clearly name all third parties, or have important information in small print. A well-written privacy notice will be easy to understand – whoever is reading it – and be split into easy-to-understand sections with clear subtitles. It won’t leave room for confusion.

The ICO provides examples of good privacy notices.

A culture change

Preparing for GDPR could feel like a big task that threatens to get in the way of the core functions of your business. Why not turn it into an opportunity to assess all your communications – customer-facing and internal? Here’s a quick test you can easily apply to everything you write:

  • Does it tell the person reading it what they need to know?
  • Does it build trust or undermine it?

Words matter, and in a digital world they’re increasingly important in our customer relationships.