Forum Posts

sifat
Feb 19, 2022
In Wellness Forum
In her blog ‘GDPR is not Y2K’, UK’s Information Commissioner Elizabeth Denham has called the GDPR an evolutionary process and an “ongoing effort” that doesn’t end on May 25th, 2018. As businesses based in the European Union (or collect/process data of individuals based there) get ready for GDPR, this is the perfect time for organizations to review their systems and policies to ensure they follow data privacy best practices. GDPR Here are 12 steps to help you in this process. Step 1: Raise Awareness of GDPR and its Implications for Your Organization It’s important to ensure that decision-makers and key members of your organization are aware that the law is changing and that they appropriately anticipate the impact and potential risks of GDPR. Keeping the penalties for non-compliance in mind, it would be a good idea for organizations to train employees on how it plans to proceed while collecting, storing, or processing data. Step 2: Conduct an Information Audit Since the GDPR encourages a more disciplined treatment of personal data, you should document all personal data that you currently hold. This includes information about how the information was collected, its source, the purposes for which the data was collected, where the information has been stored, etc. Once you’ve done this assessment, determine what you need to keep from the data you currently have. Undertaking a data protection audit will help you understand what your current processes are, and identify any gaps that may exist. Step 3: Review and Update Current Privacy Policy The GDPR’s rules on giving privacy information place emphasis on making privacy notices understandable and accessible. The law states that the information you provide to people about how you process their personal data must be concise, transparent, intelligible and easily accessible; written in clear and plain language, particularly if addressed to a child; and free of charge. Therefore, your organization should review its current privacy policies and communications to ensure they align with the GDPR stipulations. Under GDPR, individuals have to explicitly consent to the acquisition and processing of their data. Pre-checked boxes and implied consent will not be acceptable anymore. You will have to review all of your privacy statements and disclosures and adjust them where needed. Step 4: Outline Individuals’ Rights Generally, the rights individuals have under the GDPR are the same as those under the outgoing Data Protection Directive, but they have some significant enhancements. The right to data portability, however, is a new one within GDPR. As a part of GDPR preparation, you’ll need to review these rights and ensure that you properly understand the business impact of each such right. The next step would be to review your business’ communication and information material to ensure that it clearly states all necessary information and ensure that effective systems are in place to enable the organization to give effect to these rights. You also need to ensure that you’ve established the policies and procedures to handle the wide variety of requests that the law gives individuals the right to demand. Step 5: Plan for Subject Access Requests (SAR) A Subject Data Access Request (SAR), referred to in the GDPR as a right of access, entitles an individual the ability to view what information an organization holds about them. Having a system in place to handle SAR effectively and within the legal timeframe is key to becoming GDPR-ready. A practiced SAR plan should include, among others, the policies and internal processes to identify staff that need to be GDPR-trained. It should also define how your organization will establish a method of assigning SAR’s to trained individuals, along with deadlines and alerts, whilst retaining visibility and management reporting. Step 6: Conduct a Data Processing Audit Organizations may need to prove that they have a legal ground to collect or process data. Currently, most organizations use consent by default, but the GDPR toughens the rules for getting and keeping consent. It details out five lawful grounds for processing data. Organizations should learn when these grounds can be sought and adjust their data collection policies appropriately. One of your key steps will be to document a processing data audit outlining the different data processing types your organization performs and the legal basis for why they perform them. Step 7: Review How You Seek, Record, & Manage Consent The GDPR lists specific requirements for lawful consent requests, but must also be given with a clear affirmative action. Consent requests must not rely on silence, inactivity, default settings, taking advantage of inattention or inertia, or default bias in any other way. Check if your current consents need refreshing. You must have an audit trail of how and when consent was given so that you can show that you are compliant if challenged. Since individuals are free to withdraw their consent at any time, you also have to have a system in place to remove them from your records. Step 8: Safeguard Children’s Data If GDPR’s rules on children affect you, take steps to ensure that appropriate parental consent mechanisms are implemented in your processes, including verification processes. Your notices, if addressed to children, must be child-friendly. Remember that children will have the same rights as adults over their personal data. These include the rights to access their personal data, request rectification, object to processing and the right to have their personal data erased. Step 9: Review Your Strategy for Protecting Photo Editing Services Your Data and Handling Data Breaches Make sure you have a robust breach detection, investigation and internal reporting procedures in place. Equally, it’s important to have a response plan that addresses any personal data breaches that may occur. Step 10: Adopt a Privacy by Design Approach The GDPR requires organizations to adopt the principles of “privacy by design and by default” and embed appropriate security measures into their systems at the outset, rather than applying features retroactively. Privacy by design is crucial for organizations not only as a compliance requirement but also because it nudges them to look at cybersecurity processes in a more focused and serious way. Step 11: Designate a Data Protection Officer The GDPR makes the appointment of a DPO mandatory for organizations regardless of their size or whether they are a controller or a processor in select circumstances. For more details on these specific circumstances and the responsibilities of a DPO, check out our earlier blog on “Responsibilities of a Controller, Processor, and Data Protection Officer According to the GDPR.” Step 12: Determine International Authority If you operate in more than one EU member state (i.e., you carry out cross-border processing), you should determine your lead data protection supervisory authority. The lead authority is the supervisory authority in the state where your main establishment is. Determining who the LSA is will require legal, practical, and strategic considerations. Disclaimer: Please note that in this blog, we have provided basic information regarding the GDPR. WSI is not a legal authority for GDPR and can only offer advice on the best practices to follow while carrying out any digital marketing initiative. However, for advice regarding the legal interpretation of this law for your business, please approach a legal or data protection official.
0
0
5
sifat
Feb 19, 2022
In Wellness Forum
We’ve written plenty about the importance of the customer experience over the last few years. Whether it’s attracting and retaining talented employees by living your brand, or delighting customers by delivering experiences that keep your brand’s promise, smart organizations know that doing these things boosts their bottom line. Person sitting in front of a laptop, with a wallet in their hands, pulling out money. Unfortunately, there are still far too many companies that don’t realize they are losing a significant amount of money by not keeping the promises they make. It happens all the time. As in, I heard two examples of companies failing miserably at keeping their brand promise in the last week – and that’s just within my personal sphere of influence. It must be comical how much money is lost on such avoidable mistakes. The good news for savvy organizations is that if you’re keeping your promises and delivering great customer experiences, you’re not only gaining a significant edge on your competitors, but you’re making money. Here’s How Not to Live Your Brand Recently, a friend of mine who is in the throes of a job search told me a horrifying story that highlights how often – and how terribly – businesses fail at representing the brand they outwardly portray to the world. This friend is a talented, hardworking and extremely passionate employee who any company would be lucky to have. So naturally, after an initial 45-minute phone interview, the company in question wanted to bring her in for an interview. Despite the fact it was about a 90-minute commute to their office (remember this for later) my friend was excited. The company’s products – online assessments to help organizations streamline the hiring process and make better decisions – intrigued her, and the office culture seemed good. After the first in-person interview, which she thought went well, they sent her a couple of their online assessments. She said she was happy to complete them, because it gave her insight into how the products work, but she also noted that they took two hours to complete. The next step in the process was a second interview, to meet a peer she would be working with, as well as the Vice President of the company. Unfortunately, the Vice President had to cancel his portion of the interview, but my friend said she got along well their her potential peer and felt good about her chances. She was told she wouldn’t have to come back to meet the VP and that there were no further assessments. However, the next morning she had an email linking her to a third assessment, which took over two hours to complete. At this point, she started to get a bad feeling about the company, but she completed the assessment, and was happy to receive a request for her references the next day. Maybe it was all going to work out, she thought. They just wanted to be sure. She was wrong. The next week, she was asked to come back into the office to meet with the VP. Yes, the one who cancelled on her in the second interview and yes, the one she was told she wouldn’t have to meet with. Remember that 90 minute commute, which she had already done twice? The hiring company was now asking her to do it again – directly as a result of a promise they broke to her. And all the while they took zero responsibility for anything. In the end, she understandably couldn’t justify dedicating any further time away from her actual job, and didn't feel good about the confusing and broken hiring process. When the company insisted a phone call wouldn’t be enough, she removed herself from consideration. Fail To Live Your Brand The company lost in two ways. First, they lost the best employee they could have hired, one who no doubt would have made them money with her skills, energy and presence. Second, they now had to repeat the lengthy process all over again, and let me just say this: if they weren’t sure my friend was right for the job, I have no idea how they’re going to be sure about anybody. This company is losing money because they don’t live their brand. And if they’re not living their brand through the internal hiring process, there’s a very good chance the marketing messages they send out into the world don’t mesh with the experience they deliver to their clients, either. Not living your brand is the gateway to breaking the promises you make to your customers and shaving dollars off your bottom line. Why Failing to Keep Your Promises Costs You Future Profit If you’ll oblige me, I have another story. This one is about how a company cost itself future profit by breaking a promise with a customer. In this story, a young couple is in search of a landscaping company to do some work to the interlocking bricks on their front walkway. After completing the first few steps of the new-age digital buying journey, the couple meets with a few companies, gets a few quotes, and makes a decision. Throughout the process, one of the most important factors in the couple’s decision is timing. They would like the job done by a certain date, so they choose the company that gives them a set date for the project, and also tells them how long it will take to complete. Since we’re talking about broken promises, you know where I’m going wit this. The company called the couple and nonchalantly pushed back the date of the walkway project. They did apologize, but offered nothing in the way of compensation. They even had the audacity to say the delay “wasn’t our fault.” Newsflash, business owners. If your product or service is delayed, it’s your fault. It doesn’t matter if the reason for the delay is your supplier, a sick employee, or something else. Look, stuff happens, I understand. Things go wrong and it doesn’t work out. But you are entirely responsible for the customer experience you deliver, so never ever shirk responsibility when something goes wrong. It makes broken promises that much worse, and you’ll lose that much more money. So, how does the landscaping company Philippines Photo Editor lose money in this exchange? They haven’t lost the job (yet), but if it gets delayed again, they might. Assuming it doesn’t get delayed any further, they’re still going to lose money. Had the landscaping company kept their promise and done a good job, it’s extremely likely the couple would use them again, and perhaps multiple times, for their future landscaping needs. As a result of the broken promise, even if they do a good job, the couple probably finds a different company next time. Not only that, but they also won’t recommend the company to their family, friends and neighbours. That’s lost money in more ways than one. Good Customer Experiences Make You Money It’s simple – if you work hard to keep the promises you make to your customers, your business will grow and you’ll steadily make more money. You’ll get good reviews, more referrals and plenty of repeat business. As simple as it is in theory, it’s harder in practice, as I outlined with these real-world examples. I’m sure everyone reading this has their own examples of broken customer experiences. Remember how these experiences made you feel and act the next time you think about breaking a promise to your customers. And if that doesn’t work, remember this: poor customer experiences are costing you money.
0
0
4
 

sifat

More actions