GDPR has arrived and along with it, are new challenges and opportunities that most companies are not prepared for. Subject Access Requests are coming in at high rates, impacting the operations of nearly every business.
Here’s what we learned.
DG: Having received your first SAR since May 25th, can you walk us through the experience of receiving and processing it?
“Prior to the GDPR coming into force, we would typically receive 3 requests a quarter, but we are now receiving 9 or 10.”
RM: Of course. We already have a tried and true process in place for managing requests through our Customer Relations Team, but they do take a lot of time to process and can prove complex. As a business, we hold a lot of information about our customers and their journeys with us — right from their initial purchase of a product, through to making a claim, and of course, complaints handling.
Our most recent SAR was for a customer who experienced some issues during a claim in their property, and there were a lot of notes and reports that needed to be collated and sent out; and the resulting pack was rather large but certainly not unheard of.
With GDPR in place, consumers are becoming increasingly aware of how widespread their data is and will now look to companies to protect and communicate regarding personal data. For a businesses to succeed, they must ensure their customers are satisfied with the way their data is handled and trust the company with their information.
DG: How can firms reassure customers that their privacy is handled with care by the data protection team?
“One of the fundamental principles of the GDPR is transparency. Individuals have a right to know who is collecting their information, how it is being used, where it is stored and who has access to it.”
RM: If businesses want to reassure their customers and gain their trust regarding their personal data, then they need to be open, honest and transparent.
Tell your customers who you are, why you need the data you’re collecting and what you will use it for. Then, above all else, stick to what you have said. Treat your customer’s data with respect, and your customer will repay you with their trust and belief in the values of your teams.
To comply with regulation and manage data effectively, companies may need to seek legal counsel or build a team to handle consumer privacy and data requests. One leading method is to appoint a Data Protection Officer.
DG: What kind of tasks do you oversee as a Data Protection Officer?
RM: My day to day activities can vary greatly depending on what part of the business I am working in. Mainly, I am here to advise the business on how to use the data we have — effectively and fairly — assist with customer concerns and help the business get the right balance between its commercial desires and protecting the rights and freedoms of its customers.
DG: What makes your role so essential to a modern business?
“My role is an independent one. I can be called upon by the business and individuals alike, be they a customer, an employee or even a member of the public who wants to know if we process their data and why.”
RM: Having a DPO is essential for modern business because they grant access to data subjects that they haven’t always had before while also helping to keep the business operating in a manner which meets its commercial needs and desires.
DG: How have your responsibilities evolved with GDPR?
RM: In all honesty, they haven’t changed much for me. I am in a very fortunate position in my current role — in that I had been allowed to build and develop a privacy framework prior to the GDPR coming into play. What the GDPR has done is enable me to develop greater in-house capabilities through our DP Champion programme, so we now have more people on the ground to help with day-to-day queries.
DG: Why can customers trust Homeserve with their data?
RM: HomeServe has worked really hard over the last 5 years to understand the data they hold and to work out a value proposition that meets the expectations of its shareholders as well as its customers. We pride ourselves on treating our customer and employee data with respect, with transparency and never sharing any data with third parties outside of our Group. Our customers trust us not only with their data but with their homes, and we are proud to provide the service we do.
As a company of the United Kingdom, Homeserve has been ahead of most businesses, developing methods to deal with data privacy prior to the enactment of GDPR. Merrygold’s insights provide a look into how companies can adapt to increasing data regulation and continue to satisfy customers with their privacy and trust. We would like to thank Richard for joining us and providing his expertise.
Check out our next Interview Series with Melanie Kennedy, Vice President and General Counsel at MarketStar!