While analyzing an individual’s data to determine his or her preferences in a particular category might have benefitted the data analysts and marketing companies like never before, and they have reaped massive amount of benefits through the proper utilization of analytical tools, but that comes at the expense of a privacy violation of an individual. It is about to change with the introduction of GDPR for European Union Citizens.
The Prior Consent is applicable for the Personal Data and not to the Generic Data. With the huge surge in the digital revolution, we are all connected with each other through Digital Platform like never before. And due to this fact field of data analytics has seen the boom like never before. We all frequently visit various websites, like, share or comment on various articles, posts, or pictures, etc. All these reactions, posts, shares can be analyzed through multiple analytical tools. The data analysts can analyze your interest in a particular segment and then provide the data to a marketer working in a similar field, who will then pitch a product falling in that category through email or digital advertisement etc.
What is profiling according to GDPR? And how does GDPR impact the profiling?
- There are going to be serious limitations to the data analyses of the customers and processing their personal data after the implementation of GDPR
- According to GDPR, profiling is anything that analyses an individual’s data and makes automated decisions based on the test subject’s religious beliefs socio-economic situation, preferences, movements and so on. It is done for the benefits of the legitimate business purposes without infringing the privacy of an individual.
- The organization profiling the test subject has to inform him or her about the data that is being processed and should highlight the reasons behind it and the potential consequences of the same.
- They should also provide an Easy Opt-out option to the test subject.
- If a credit card company is profiling a customer to understand the credit limit (a legitimate business purpose), the company should provide an Easy Opt-out option to the customer.
- This is to make sure that the personal data of an individual is not tampered with and not misused for any other purposes than what he or she has given permissions for.
- If the automated decisions are taking place on the basis of data analyses, then the organization has to make sure that any discriminatory factors like religious beliefs, political views, race, sexual orientation, do not take place.
- The algorithms derived from the automated data can develop bias over the period of time resulting in discrimination through a positive feedback loop.
- If it is found that any sort of bias is taking place, then the organization can face serious penalties potentially reaching up to 20 million euros.
What is Consent according to GDPR? How should it be obtained?
- According to GDPR Article 4 regarding the personal data of the data subject is:
- A freely given,
- Clearly expressed
- Specifically given and
- An unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to processing the data related to him or her.
- The organizations will have to ask for the consent of the test subject before analyzing the data
- It has to be mentioned why the data is being analyzed for, e.g., segmentation
- If it will be used for any other purpose, again the permission of the test subject has to be taken separately.
- Only in the case of legitimate business interest as explained in the above topic, information and opt-out are to be provided.
Why Data Anonymization will be in demand!
- As consumers, consent is a must for each and every use, and separate consent for every other marketing purpose, the amount of data available to a data scientist is going to be reduced significantly.
- Very few consumers will give their consent to the services and marketing purposes.
- But there’s a way out!
- If the data available doesn’t qualify as a personal data of an individual, then it can be used for marketing research purposes without prior consent.
- For data analysts who don’t want to ask for the consent every time or don’t want a significant reduction in the numbers, they will need to have a robust Data Anonymization.
What is Personal Data in B2B? Which data can be used for marketing?
- The data of sole traders and partners are considered as personal data. You will have to ask for consent first before marketing anything.
- The business email of an individual is personal data as it states the name of an individual. But according to The Privacy and Electronic Communications Regulations (PECR), they can be marketed provided that you give an Opt-out.
- The generic business data like firstname.lastname@example.org or email@example.com can be marketed but with an Opt-out.
- The Prior Consent is applicable for the Personal Data and not to the Generic Data.
- For legitimate business, information and opt-out are required.
- Data analysts will need to take prior permission before marketing.
- Data anonymization will be in demand.
- For B2B data of sole owners and business, email-ids are personal data, but business email ids can be marketed.
You may also like to Read: