The recent news that Google received more than 2.4 million requests to remove URLs from its search results under Europe’s “right to be forgotten” laws emphasises the much-needed shift in consumers beginning to understand their growing data rights.

Echoing the statement of Paul Jordan, European managing director at the International Association of Privacy Professionals that “at the heart of GDPR is consumer protection,” it’s this respect of consumer protection that will change the way that brands use and store data for evermore.

But there’s a lot of debate as to whether brands will be compliant by the looming deadline of May 25th. And even more discussion as to what the world of data will look like post-GDPR.

>See also: Counting down to GDPR: Will your business make it?

Something we can count on is that there will be more onus on forging trust between brand and consumer. And the key to unlocking that trust will be transparency.

So how do brands change behaviour quickly to ensure that they will be fully compliant, demonstrating that they’re prioritising and adhering to consumer rights, all while operating efficiently and grasping new opportunities?

First impressions count

GDPR legislates a complete reform of how personal data is being stored and used, but more critically, it will hold businesses accountable for the data they hold on behalf of their customers.

Brands should be navigating this change by having a protocol in place in the form of systems, databases and solutions that allow for intervention to find data and in some cases, delete as well, when consumers request it.

The first step is to audit current processes and system to make sure this is possible as it is not enough to say that due to technical incapability a request could not be met. And it’s no good to the business if requests cannot be completed efficiently.

Brands should therefore check their website, the first point of contact with their customers, is fit for the new regulatory framework that GDPR imposes. For consumers, the key distinguisher of a website that is compliant will be noticed when they are presented with a consent form to ask permission to use and store their data.

>See also: One month to go: Ensure your journey to GDPR compliance

The consent form will ask consumers for 1) permission to use their personally identifiable information, such as name or IP address, and 2) for granular permission on ways their data can be used (analytics, advertising, social media, etc.) for technical reasons across the site and for business purposes.

However, any data relating to a consumers’ digital footprint is covered by GDPR. Everything to do with the customer is personally identifiable information. Brands are therefore responsible for any information stored in relation to their customers. That means all digital marketing channels, regardless of who runs them.

But those brands that introduce clear data consent options for every communication the business has with a consumer, along with putting robust security measures in place, will win over the trust needed to move forward in a post GDPR era.

Overcoming piggybacking

When it comes to the consumers entering brand webpages, one of the biggest challenges is for the business having full visibility of which third parties are piggybacking tags on webpages. What does this mean?

When consumers click through to websites they are entering a world where lying underneath the visible website is often a complex web of unknown and unauthorised JavaScript tags that can piggyback off one another. These are used for technical and business reasons to collect and act on data, often for the correct functioning of the website itself, as different elements ‘talk’ to each other and pass information along.

However, these tags might start doing that as soon as a user visits the site – before they have given any kind of consent. Some tags may pass data onto other tags in a cascade that takes data into the hands of third parties and out beyond the website to advertisers and technology vendors.

>See also: GDPR compliance: what organisations need to know

Under GDPR, explicit consent must be given before any data can be collected and used, otherwise companies can breach the rules very quickly.

When brands have control over tags supporting their website, they can identify where compliance issues may be on their webpage. They can then communicate to customers that their data will only go to sources which are trusted – instilling confidence in the customers visiting their webpage.

The GDPR requirement for businesses to become completely data transparent with consumers cuts both ways. Customers will gain the power to view the data companies have on them, as well as the opportunity to review their options of how data is kept.

This means brands should shift their attention to how they engage their audiences and encourage them to sign up to share their data for the best site experiences. GDPR may be new and challenging but it will pave the way of how businesses best serve their target market.

Sourced by Ian Woolley, chief revenue officer, Ensighten

As the one month countdown to GDPR approaches, Information Age will host a compelling webinar with Trend Micro on April 25th, which will discuss the path to compliance, the steps your organisation needs to take to ensure it is ready for the change and the opportunities that will arise from compliance. Register here today!