The GDPR Needs to Have Its Teeth Sharpened

Data protection and data privacy have quickly transitioned from an issue that only concerned paranoid tech enthusiasts and conspiracy theorists to the hot topic of discussion for everyone.

So in researching this month’s cover story, “GDPR: A Year Later,” I was therefore surprised to find out just how little enforcement has been taking place around the European Union’s General Data Protection Regulation. Regulators across the 28 European Union member countries—at press time Great Britain’s Brexit strategy had yet to be agreed on, much less implemented—have only handed down a small number of fines, and the dollar amounts of those fines have been microscopic compared to what they could have been. Companies could be hit with penalties as high as 4 percent of their yearly turnover, but so far, none of them have even come close.

Equally surprising is the profound lack of compliance by many companies, both inside and outside of Europe. By many accounts, far fewer than half of all marketers have fulfilled their requirements under the GDPR, and a significant number of them question whether full compliance will ever be possible.

The GDPR, which was designed to prevent marketers from hitting consumers with mass email, web ads, text messaging, and other communications without first getting their explicit consent, has a lot of potential, but it needs to have teeth. After European lawmakers went through so much effort to craft the GDPR, after CRM technology vendors went through such pains to update their software, and after consumers got their hopes raised so high, to not follow through on the enforcement side does everyone a disservice.

Europe can’t afford to screw this up. After all, the rest of the world is watching.

The United States, for example, is reportedly moving toward enacting similar legislation (that is, if Democrats and Republicans can agree on anything these days). But if a similar law is passed here, we cannot let our version of the GDPR go the way of the National Do Not Call Registry.

When it was introduced in 2003, the Do Not Call List was hyped as the ultimate in consumer protection. Today, it is little more than a suggestion, if not an outright joke. With autodialers, telephone number spoofing, robocalling, and identity masking technologies, bad actors place calls to phone numbers on the registry all the time without fear of government reprisals.

Though both my cellular and landline phones are part of that database, which contains about 235 million numbers, not a day goes by when I don’t get at least one illegal call with a recorded message offering to help me pay down my nonexistent student loan, buy me out of the timeshare contract that I never signed, or charge my credit card for a donation to some fictional charity.

And while we’re marking anniversaries, 2019 marks another milestone in CRM history. It’s been 10 years since the “United Breaks Guitars” story began—if you can believe it, the song first appeared on YouTube in mid-2009. Though tremendous progress has been made, there are still a few companies that continue to struggle with customer service through social media channels, as Associate Editor Sam Del Rowe points out in his feature, “Social Customer Care Requires Compassion.” The article makes the point that companies cannot rely solely on canned, prepackaged responses to customer requests on social channels. That was a big part of the problem that set United Airlines’ troubles in motion 10 years ago, so I am surprised that this is still something that needs to be said.

Automation has its place, and as our lead Insight story points out, its use in the contact center is growing quickly. We need to remind companies, though, that the human beings who contact customer service sometimes prefer to talk to other human beings, so it is imperative that real people are on hand as well. Even more than that, there are times when the humans who answer the phones or respond to customer tweets need the freedom to go off-script, to think and act on their own, and to interject a little bit of humanity into their customer interactions.

Today’s customers expect no less, and that is fine.

Today’s customers also expect that their privacy and preferences will be respected by the companies that want their business. And that is fine, too, as long as government regulators share that goal.

Leonard Klie is the editor of CRM magazine. He can be reached at lklie@infotoday.com.