“Never let a good crisis go to waste.”
In October of 2013, I ventured to Asia for the first time – specifically South Korea. I was keynoting a conference on technology and creativity. With the time difference, I arrived a few days early to acclimate myself and poke around the city.
Not long after I arrived, I purchased something with my Visa card. Not long after, my phone rang. Visa wanted to know if I had in fact used my card in Seoul.
Normally, irrelevant calls annoy me but this one pleased me. It meant that Visa was monitoring my account for potential fraud. The company had detected a false positive. I verified that I did in fact buy the item in question and thanked the rep for the phone call. I'd rather address these one-off purchases than have my credit card company ignore them all together.
I see a similar opportunity around the General Data Protection Regulation and consent. Specifically, there remains a question about whether marketing departments need to receive fresh consent from their consumers. As eponymous attorney Phil Lee writes:
This confusion stems in large part from Recital 171 of the GDPR, which reads: “Where processing is based on consent pursuant to Directive 95/46/EC, it is not necessary for the data subject to give his or her consent again if the manner in which the consent has been given is in line with the conditions of this Regulation, so as to allow the controller to continue such processing after the date of application of this Regulation” (emphasis added).
I don't understand the ins and outs of the legislation, let alone its individual directives. I don't profess to be a lawyer. As a result, I tend not to look at things through a legal lens. As I mentioned in my last post, the GDPR represents an opportunity for organizations to brand themselves as consumer-first. In other words, they can add friction to a formerly friction-free process – even if the new legislation doesn't necessarily mandate it.
Imagine seeing this pop-up on your screen as you're about to make a purchase from a vendor that you've previously authorized:
Going above and beyond can turn a potential catastrophe into a positive. Case in point: See how Johnson and Johnson handled the 1982 Tylenol recall.
Simon says: Think about an overarching vision
Don't get me wrong. It's imperative for organizations to take steps to ensure that they follow the GDPR. At the same time, though, think about the benefits of adopting an overarching vision – one predicated on doing the right thing with the GDPR, even if clever attorneys can spot loopholes.
What say you?Download a paper about SAS Data Management and the GDPR