2 years after the implementation of the GRPD (RGPD in French) by the European Commission, it’s already time to take stock. In France, the CNIL is responsible for overseeing the implementation of the General Data Protection Regulation, which is now mandatory throughout all the European Union.

If today’s citizens seem more informed than ever about their rights in terms of privacy and personal data, what’s the status of the implementation of the RGPD law and the preference center in companies? Merlin/Leonard sheds some light…

Where do we stand with GRPD in 2020?

As you know, this year the GRPD celebrates its second anniversary and the European Commission drew up a rather positive initial assessment a few months ago. But before we go on reassure us, you all have the definition of GRPD in mind don’t you?

For the record, this is the General Data Protection Regulation drawn up in 2018 by the member states of the European Union. Let’s take a look together at some of the highlights, just over 2 years after the RGPD law came into force.

Citizens and businesses better aware

30 months after its implementation by the European Commission, the GRPD already seems to be well entrenched in the practices and minds of web users. Proof of this is the 27% increase in complaints to the CNIL in 2019, which already followed an initial remarkable 32.5% increase in 2018.

Today, the RGPD is setting itself up as a real model, since it has already crossed Europe’s borders to be adapted by several foreign countries, located outside the European Union. California is a case in point.

In fact, Mark Zuckerberg himself extolled its virtues in a recent video published by CERRE. The last straw! In any case, it’s indicative of the unprecedented impact of the General Data Protection Regulation at global level.

Many French companies are redoubling their efforts to comply with the GRPD (RGPD). For example, personal data protection officers, or DPOs, are becoming more and more common in companies. But there are still real questions today about data security or the practical implementation of the regulation, particularly for SMEs.

SMEs: when GRPD (RGPD) rhymes with impassable pass (or almost)

After Google or British Airways were sentenced to record fines of several million euros, the major groups have stepped up the pace. On the SME side on the other hand, many are still lagging behind when it comes to RGPD compliance. It can even be a real headache for start-ups or small companies that have neither a legal department nor the means to pay an external service provider.

Lack of time, lack of staff but also lack of budget. Implementing European regulations on personal data protection requires numerous investments that not all companies can afford.

The DPO: new guardian of the GRPD (RGPD) consecrated by containment

What if we told you that Covid-19 hasn’t only had negative impacts on companies and their development!

In fact, containment has been an extremely propitious period for GRPD (RGPD) compliance in companies. So according to Data Legal Drive, nearly 40% of DPOs took advantage of the containment to take the issue of personal data management head on, placing updating the brand-new register of processing at the top of the list.

But by the way: what’s a DPO? Well, it’s simply the data protection officer. He or she is responsible for the protection of personal data in companies and public bodies. By 2019, nearly 64,900 organizations had designated their DPO.

RGPD: but then what actions to put in place?

Now rest assured, because when it comes to GRPD nothing is totally insurmountable. To take action without delay, simply follow the 4 steps detailed by the CNIL:

1. Create a data processing register: this document lists the various categories of personal data processed. It allows you to define what they are used for, who can consult them, who you communicate them to and how long they are stored. As a company director, you have full responsibility for this register! With Marketo, this is done automatically.
2. Sort through the personal data collected: once you’ve set up your register, you’ll be able to sort through all the data you collect on a daily basis. This is the time to check whether the data exploited is really necessary for your business, whether you handle sensitive data or whether the data collected is secure and kept for a limited period of time.
3. Respect people’s right to privacy: with the GRPD, every time you collect data, you must inform the user of the purpose of the collection and its legal basis. You are obliged to explain who accesses their data and how long it is kept. Finally, you must inform users of their rights in terms of personal data protection, the right to privacy and the right to be forgotten.
4. Secure personal data: this is one of the major challenges of the GRPD and you must redouble your vigilance to guarantee total security of personal data. Antivirus, software updates, data encryption, complex passwords, you must never skimp on the means.

What if the GRPD preference center (Centre de Préférences RGDP) became your workhorse?

Mandatory under European law for over 2 years now, the preference center is one of the provisions of the GRPD law, the General Data Protection Regulation. This form enables better privacy protection and greater security for data shared by users, notably by introducing the consent dimension. Discover now the advantages of the preference center for companies and users.

But why a preference center (PC)?

What if we told you that even more than a constraint, the PC can become a real ally. PC contributes to the development of a bond of trust with your customers and prospects. But that’s not all!

Thanks to the RGPD preference center, you’ll be able to easily :

• Reduce the number of spam complaints and provide a real alternative for users who wish to unsubscribe from your offers. From now on, they can choose to: unsubscribe, report you as spam or better now easily manage their preferences.
• Promote your offers: PC can also offer your company an additional opportunity to communicate the breadth of your content, which is thus presented on a single page. All that’s left is for visitors to choose what they want to hear about!
• Improve the quality of your targeting: there’s nothing like asking your subscribers directly about their interests and preferences to optimize your email campaigns. You’ve dreamed it, the RGPD law has done it, so why deprive yourself?

What data is collected by the RGPD preference center?

Made mandatory by European regulations, the PC or preference center must be accessible :

• Via a link placed in every marketing email sent,
• At the time of subscription to your offers;
• Directly via a link placed on your website;
• On your contact or registration forms.

For the last two points, be sure to anticipate and set up pre-filling in your preference center.

The idea is that thanks to the PC, users could now choose, for example (non-exhaustive list of options):

• The personal data shared and its use;
• The content they wish to receive: newsletter, news, product promotion, events, etc.
• The data relating to the frequency of email reception: daily, weekly, monthly, etc.
• The choice of language.
• The choice of categories and centers of interest.

What are the advantages of collecting data via a preference center?

There are many, many advantages to collecting personal data via the preference center. The first and not least is quite simply compliance with the European Data Protection Regulation (RGPD), which has been in force for over 2 years. Thanks to it, users are regaining control over the processing of their personal data. Thus, consent from individuals is now mandatory, and they must be able to assert their right to information and their right to be forgotten.

In addition to complying with current European regulations, the preference center can also help you :

• Provide your customers and prospects with a totally personalized experience, by delivering content tailored to their expectations and centers of interest:
• Optimize your content strategy by allowing your audience to choose their preferences in terms of frequency or relevance. This will enable you to better target their expectations.
• Act directly on the deliverability of your emails by maximizing engagement and transparency.

With our Giant Register of Preferences and Desires, Merlin/Leonard has chosen to optimize the use of our preference center by focusing on the customer experience and thus prioritizing the collection of quality data while complying with the RGDP.

At Merlin/Leonard, we’re all mobilized to support you in implementing the RGPD and the CNIL’s recommendations. To help you meet this challenge, we offer numerous marketing resources to optimize the collection of your personal data and improve the customer experience. If you’d like to go further, don’t hesitate to contact a member of our team for any advice and support.

To discuss your preference center, book your free appointment for a 30-minute discussion with our expert.

LET'S TALK GDPR !

Our other GDPR articles

The preference center: the gateway to the customer experience

GDPR and data security in 2022

Deciphering the GDPR Full Form: Venturing into Merlin/Leonard’s Communication Preference Centre

GDPR: Visit of Merlin/Leonard Communications Preference Center

GDPR: what to expect and how to prepare?

[Infographic] – GDPR Compliance checklist

GDPR is 2 years old: quick review and setup of the preference center

How to Implement GDPR Compliance in B2B Marketing through a Robust Preference Centre

GDPR consent: 5 ideas to turn your preference center to your advantage!

GDPR compliance quiz: take the ultimate quiz with Léonard!

7 good practices for your preference center

[Infographic] – GUARDIANS OF DATA – A HISTORICAL LOOK AT GDPR