Data is the most important resource in 21st Century that can easily gain market advantage. The General Data Protection Regulation (GDPR) provides the answer to people’s needs and support for the digital single market. But what about the proper functioning of Big Data?
How can Big Data be used?
Areas such as commerce, industry, administration, science, and health care have changed dramatically in the wake of Big Data. The same thing has happened with Big Data and marketing , whose representatives, by means of available data, can more effectively conduct actions in consumer space. With the use of Big Data tools and statistical analysis, you are not only able to observe existing market trends, analyze the relevance of your products/services, forecast the demand for individual goods, but also segment your customers and build their profiles based on given information. Big Data tools for compiling and analyzing the data obtained, gives the opportunity to see certain standards and thus make better business decisions.
Personal and non-personal data of individuals
Marketers have noticed the benefits of connecting Big Data and marketing in their daily work or in conducting specific campaigns. Data sets are defined as a combination of personal and non-personal information, where logical relationships are sought, and then used to make changes expected by the market. Non-personal data are information which is observed, derived or deduced, which has not been communicated intentionally by the subject and is a supplement to personal data.
Most often data is acquired with analytical methods, machine learning, algorithms, pixel markers and cookies. These activities, however, involve the risk of using personal data outside the main purpose for which they were collected (e.g., to identity theft or financial fraud); and inconsistent data management. A good example can be using false or misleading information in the profiling, which may affect the reputation of the person; an occurrence of intolerance towards some groups due to unsuccessful profiling. This has led to the tightening of the profiling process and companies are forced to check if they use measures to reduce the risk of privacy violations (e.g. pseudonymization, tokenization, data minimization techniques).
GDPR and changes in creating customer profiles
In the GDPR, profiling was change and have been taken into account from the point of view of individuals living in the European Union, whose information is collected by various organizations. First and foremost, a definition of "profiling" has been created within the framework of GDPR, which in essence means to create "knowledge" about consumers based on their behavior within the used network services, keeping them fully aware of the process (information about the profiling and its predicted consequences has to be delivered clearly and precisely).
A clear, unambiguous and voluntary consent of the subject was considered as the basis for the profiling activities. In addition, prohibition of profiling with sensitive data and reporting of profiling activities have been introduced. People who know about profiling may be reluctant to consent to data processing (concerning e.g. their age, sex, date of birth, location, interests, shopping behavior, etc.), which in turn impedes the personalization of the offer or the creation of targeted marketing communications. It is important to remember that within the framework of the Regulation, obtaining adequate personal consent concerns both newly created data sets and those existing in the past.
Profiling consists of the following elements:
- it must be an automated form of processing,
- must be based on the obtained personal data,
- its purpose is to identify the personal aspects (preferences, habits, interests) of a particular subject.
GDPR - profiling categories
There are two categories of profiling. The first one is based on provided information about an individual, while the other is based on artificially generated knowledge of the subject, based on, for example, statistics. Based on GDPR profiling can take two forms: common (with the necessary human work) and automated (involving computer programs evaluating and making decisions). Trusting computer programs to consider issues always involves some risk, for example in the form of an unjust denial of access to goods/services. In such cases, organizations must ensure that there is a rapid human intervention and that the subject retains the right to change or deny any decision taken on the basis of automatic processing.
GDPR prohibits the use of sensitive data to make automatic decisions (for example concerning a person’s health or economic circumstances), unless the individual has given his or her consent, or when the decisions are necessary for public interest. When organizations want to collect personal data, they should first select appropriate processing methods, inform about the purpose of collecting personal data, and provide an adequate legal basis. In addition, a natural person may at any time request insight into the collected data or object to any form of profiling. Organizations are required to guarantee the rights under GDPR, and must therefore monitor the state of the information provided, for example with the use of an analytical platform which enables data flow monitoring, detects whether the obtained consent has not been withdrawn or changed, and verifies whether the collected material is fully secure.
The Regulation is not intended to impede industries involved with Big Data, but primarily it is an impulse which will encourage organizations to be responsible for managing data and security. They will be able to organize an audit of their databases; clean up the database of unnecessary materials, and even find valuable data that have so far been ignored. The marketers will start looking at the campaigns more closely and will assume some responsibility for possible data breaches. More about digital security in campaigns you can find on GDPR and marketing article.