Talking about data can be confusing and complicated, especially when it comes to collection, use and consent. Because of GDPR and similar proposed laws in the U.S., as well as Facebook's ongoing data problems, customers are more cautious than ever about the amount and type of data the company uses.

Every business, whether online or offline, collects and uses data about its customers. However, the amount of data available online today is enormous. New businesses need a robust data strategy to understand what they collect, how they store it, and how it is used. Even companies that have used data in the same way for years may need to rethink their strategies as data continues to be a point of tension for consumers.

What is the General Data Protection Regulation (GDPR) ?

The GDPR is a regulation that replaces the Data Protection Directive. It's a regulation, not a directive. This means it applies directly in all EU Member States, without the need for any national implementing laws or regulations (although it allows for these to be adopted).

The GDPR applies to all companies handling personal data of residents of the European Union (EU), even if they do not have an establishment in the EU.The GDPR is a major step forward in the protection of personal data and will affect how we all collect, handle and use information about individuals. It is crucial that businesses understand how to comply with the regulation and complete an effective risk assessment to identify areas where personal data could be vulnerable. This process of continuous improvement can help safeguard valuable information assets, as well as protect individuals’ privacy.

Types of data:

It all starts with understanding what the different types of data are and how to collect them. There are currently three types: + First Party – Data collected directly from consumers by the business that owns, uses and stores this data + Second Party – Collected by one business directly from consumers and shared or sold to another business + Third Party – A business where data collected by one business comes from multiple sources of businesses unrelated to consumers, often purchased by individual businesses and then consolidated for resale

Keep in mind that many companies collect data online, but brick-and-mortar stores and services often track data through accounts and loyalty programs as well. All this data is usually aggregated for use by third parties.

What is the use of data?

Businesses use data in a variety of ways, including ensuring the best experience for customers, reaching audiences more likely to buy their products, and building broader audiences.

Example: A home builder is developing a new home and needs to sell units. They pull data from their own website and previous home buyers on record to determine what information potential customers are most likely to seek. By looking at the traffic and upgrades that matter most to their current customer base, they can create targeted ads that resonate and generate more interest. (First Party data)

The homebuilder then contacts the local real estate company to request a promotional partnership with them. They have a deal so homebuilders can use their data to target buyers in a certain price range who search for ads they buy on real estate company websites. That way, they have the best chance of reaching local buyers interested in their home. (Second Party Data)

Also, the builder then goes to the exchange and buys the record. They use this record to find other websites that potential home buyers might use, such as B. hardware stores, furniture stores, and mortgage banks. They use this information to show their targeted ads to a larger audience. (Third Party Data)

Why are consumers worried?

It all boils down to consent. Facebook is in trouble for allowing apps to share or sell data without consumers' consent to share data in this way. In the United States, disclaimers on websites stating that use of the site constitutes consent to information sharing are still common. However, companies are slowly moving from assumed consent to active consent.

Active consent means companies not only have to inform consumers about what data they have collected, but also give them the opportunity to say yes or no. Denial may imply certain restrictions on how the site can be used, but should not immediately render the site unusable. Note that pop-ups informing consumers about data sharing but not giving them an opt-out still count as consent. Active consent requires choice.

Transparency about what data is collected, how it will be stored, when it will be used, and if it will be sold can help a customer overcome concerns about using a particular service or company. Whether a company chooses assumed or active consent, being clear with customers will likely benefit them in the long run.

Can companies avoid data altogether?

Maybe not. When businesses use programmatic ad deals, SEO strategies, or fraud prevention software, they are using some form of data. Every loyalty program, account creation, and even mailing list needs data. While first-party data is generally considered the safest and least intrusive for consumers, third-party data is also sometimes critical for marketing and security.

Every company needs to have a clear policy outlining how and why it uses data. This should be clear and easily accessible to consumers. Protecting this data will continue to be important in the future.