14 March 2018 421 words, 2 min. read

GDPR: these 2 examples prove that US companies are not ready

By Pierre-Nicolas Schwab PhD in marketing, director of IntoTheMinds

I gave a keynote speech in February in New York about the need for US companies to adapt to GDPR. In my discussions with companies over the last 12 months I indeed found out that most companies hadn’t prepared sufficiently (or at all) for GDPR.
For a vast majority of companies, raising awareness is still a priority, and my recent trip to New York (for the FAT conference) made it clear to me that US companies are mostly unprepared to handle EU citizen data according to GDPR requirements.

Here are two everyday examples that show how US firms are unprepared to handle EU citizens’ data

Example 1: No compliance with GDPR in a coffee shop

I went for a walk in SoHo and had a coffee in a small (by US standards) coffee shop. The shop announced proudly it was paperless (no cash, no receipt on paper).
I had to pay for my double espresso by card and had to enter my email address to receive my receipt. Which I did.
The same day I received a promotional email although I had not opted in.

What’s the solution to be GDPR compliant?

In this case the solution is very straightforward and only requires a little bit of common sense: add an opt-in!
Not requiring an opt-in may be tolerated in the US from a legal viewpoint, but common sense dictates that the customer be placed at the center. Who honestly would like to receive unwanted correspondence? Whether a customer is American or European should make no difference for a firm that wants to treat its customers decently.


Example 2: No compliance with GDPR in a drugstore

At Duane Reade, customers checking out are first asked to give their phone numbers. Why is that? What purpose requires that phone numbers be collected prior to payment?
I asked the cashier, who was unable to answer, and I ended up paying in cash.

What’s the solution to be GDPR compliant?

In that case the solution is to stop asking for a phone number prior to payment. It can only backfire. When I asked the employee why giving a phone number was required, she told me most customers don’t give it anyway and leave some arbitrary key strings. In other words, data quality is bad and the firm won’t be able to make any use of it. Why keep asking for it then?
The principle of minimization is a sound one as it forces firms to focus on what’s important, simplifying their data models and leaving crappy data aside.



Posted in big data.
