With just over 10 months left on the ticking clock that is the remaining GDPR preparation time, we move on to the ‘ right to erasure ’, more commonly know as the ‘ right to be forgotten ’.
This part of GDPR regulation puts the power over personal data back into the customers’ hands, and can cause quite the headache for marketers and data officers with a blurred understanding of what data has been collected and where that data resides across sometimes sprawling data infrastructure.
The right to be forgotten and its main principles is probably best summarised by the ICO*:
“The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data whether there is no compelling reason for its continued processing…
The right to erasure does not provide an absolute ‘ right to be forgotten ’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws consent.
- When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing…”
As with all of GDPR, a failure to adhere to the right to be forgotten could attract harsh penalties in the form of crippling fines. However, the right to be forgotten can also be a carrot – or perhaps a stick – that will drive better practice across marketing activities, so that the incidences of customer requests to be removed.
Let’s face it – the average person is not going to be sending out right to be forgotten requests to companies on any expiration date of their original data provision. Under GDPR rules, those who do not want to be marketed to would have denied their consent at the start of the process, in a far less troublesome and more transparent way for both customer and company to manage data permissions. The right to be forgotten will raise its ugly head only on very rare occasions, one of which, as stated above, is when previously given consent is withdrawn.
Obviously, companies should be prepared to act when right to be forgotten is invoked, but the majority of preparation should be focused at prevention rather than compliance. While improved data management is central to GDPR adherence, marketers can play their part too. It is the use of data at customer touchpoints that will spur on the majority of right to be forgotten requests and so customer experience becomes paramount to any prevention strategy.
If customer experience is improved – i.e. customers see only relevant ads at relevant times, rather than being chased around the web by creepy banners – then customers will not be forced into withdrawing their marketing consent, thereby resulting in reduced losses of marketing audience and less erasure of data. Marketers can achieve this by extracting the most value out of the data they have to provide the best digital experience that is unified across customer devices and media channels.
Of course, when customers do remove their consent, it helps to have implemented data management systems that can handle this change in an automated manner. As mentioned in our previous GDPR article, data management done via manual processes is incredibly labour intensive and, in this always-on economy, does not fulfil the expectations of the customer in terms of speed of response. Teavaro provides means by which companies can fulfil such obligations and expectations automatically whilst also providing the basis for an effective marketing strategy that will assist prevention of right to be forgotten requests.
For an example of what such a prevention strategy might look like in real life, here is an overview of the work we are doing on the TM Forum Catalyst programme to assist interconnected retail starting at digital touchpoints. By improving customer engagement through marketing personalisation, marketers can do a lot to help prevent the headaches that come with GDPR’s enforced amnesia…