Customers’ digital paper trails are longer, and more complex, than they understand — possibly even the employees working for the brands collecting this data fail to truly comprehend just how much data is being collected and how it is currently being used.

Yet change is afoot in the business of data collection and processing. On May 25th, 2018, the new GDPR (General Data Protection Regulation) laws will come into play — meaning all companies collecting and using data within the EU, or on EU citizens, will need to follow stricter policies and ways of working.

So, how can you keep track of how you’re keeping consumer data?

Analyze the type of data you’re collecting today

If you’re currently collecting names, phone numbers, email and street addresses or bank details, then you are accumulating what is defined as “personal data.” However, if you also collect fingerprints or other biometric data, geo-locations or demographic profiling (such as life stage, marital status, etc.), this will also classify as “personal data” under the new GDPR. Therefore, you’ll need to ensure your collection, storage and reuse of this information comply with the new rulings; read more on the new GDPR laws and what it entails and how to avoid fault and penalties.

Indeed, many customers struggle to understand why this (potentially sensitive) data is being collected on them. For instance, some may see value in having their email address stored to receive promotional news and first access to event tickets or discount sales. Yet they may deem it unnecessary and intrusive for the companies they buy from to know whether they are married, single, divorced, cohabiting, etc. You should reappraise the type of data you collect, and decide if it’s truly necessary to attain. At present, consumer trust in online services is low — you can rectify this by ensuring you respect their privacy.

A word of warning: the industry that you work in may also affect customers’ demands post GDPR. One survey found that almost half its sample were keen to ask social media companies to release their data, while only 21% were preparing to demand the same of their bank.

Consider how you collect data

In light of the updated GDPR, you’ll need to be truly transparent and make customers fully aware of moments when their data is being collected.

You can utilize elements such as pop-up windows on your website and obvious ‘opt-in’ boxes on digital forms to enable customers to take control of the data they share with you. Indeed, the meaning of ‘consent’ will be redefined following May 25th; requests for data will need to be unambiguous and require active participation from customers (e.g., ticking a box to confirm they do want further contact). You’ll need to go live with your new data collection approach on May 25th — there will be no grace period.

Revisit your data storage solution

Techniques for data storage vary from business to business: some use Cloud hosted databases, others collect paper copies of customer profiles. Whichever approach you take, if you’re collecting data on EU citizens, you’ll need to ensure this storage is entirely secure and up-to-date.

In conclusion…

If you have been operating somewhat in the dark about the data you collect on customers and why you collect it, you’ll need to become more aware and engaged as of May 2018. Take action now to ensure you’re GDPR compliant, or risk heavy compensation claims and penalties.