For a number of years now, companies of all sizes have embraced Corporate Social Responsibility, or CSR as an integral part of their business practices. CSR is often described as “Going beyond the minimum requirements of standard regulation and compliance”. This can be in a number of areas – whether that is treatment of employees, environmental aspects or ethical standards, for example.
We would like to introduce a new concept; Corporate Data Responsibility, CDR which, in very simple terms, is the process of not only following standard data and privacy requirements, but in fact going beyond the standard requirements. By providing CDR that exceeds regulatory standards, the company can create a competitive advantage over other companies that simply stop at compliance.
The EC Directive on Privacy and Electronic Communications was first created in 2002, but the first visual (website-based) manifestation of this was in May 2011 when the so-called “Cookie Law” was introduced. This was, in fact an update to the initial directive that required companies to give visitors a choice as to the storage of cookie data. The much talked about GDPR or General Data Protection Regulation replaces the original EU Data Protection Directive of 1995 and this was adopted in April 2016 and will be implemented on 25th May 2018.
As a result of this directive, many companies are having to make extensive investment to meet the standards set out by the GDPR Directive and not surprisingly this means that GDPR is looked upon with some amount of irritation. This could be compared, perhaps, to legislation related to emissions or waste disposal – something that requires investment and continuous cost. However, the companies that have embraced these legislations and turned the negative cost element into a CSR-driven campaign have managed to turn that investment into a marketing advantage.
This is why we propose that companies embrace CDR, Corporate Data Responsibility, and take directives such as the Cookie amendment and now GDPR as an opportunity to create better relationships with their clients, give their business greater transparency and show their positive actions towards protecting their customers data. In this respect, GDPR is just a small part of CDR.
Looking into the future, we expect further amendments to be made to the data legislation framework and having a strong CDR policy will create a platform for managing, absorbing and complying to these changes. For example, later this year it is likely that we will see the replacement of the 2002 Directive on Privacy and Electronic Communications with the ePrivacy Regulation that will put many of the privacy settings into the browser, instead of them being requested by every website (as required by the Cookie law). This, once again, changes the responsibility of the company and we would suggest gives an opportunity to create better communication and transparency to the visitor.
At Nemetos Tanasuk, we assist companies in managing their digital journey, helping them to continuously evolve with the market and of course evolution in line with legislation is part of that. In the coming months, running up to the GDPR implementation date, we’ll be posting a series of CDR related blogs to help you make the changes required for compliance, but also to perhaps think about how you can go “above and beyond” the requirements to really provide a better service to your clients. Our first post next week will be about how to actively manage the transparency around Personalisation that is part of the PII (Personally Identifiable Information) expressly covered by GDPR.
- 1. Corporate Data Responsibility
- 2. Personalisation and Personally Identifiable Information (PII)
- 3. How to avoid a #DeleteFacebook debacle: CDR surfacing solutions
- 4. Responsible PII Practices
#CorporateDataResponsibility, #CDR, #GDPRcountdown
Join our Webinar: GDPR and Corporate Data Responsibility:
Practical steps to ensure your website is compliant.
Date: Wednesday 9th May 2018
Time: 10:00-10:45am GMT