The RGPD is as passionate as it is scary. A few days before its entry into force, panic or ignorance often confine to clichés. The RGPD is a break for the business. Does the RGPD mark the end of personalized marketing? Sylvie Jonas, associate attorney at Avistem Agil'it, often hears this story: "With the RGPD, nothing can be done with the prospect data". It's wrong, she slices. "The obligation to inform consumers about the collection of data has existed since 1978 and there are even exceptions like the so-called" analogous products and services "(article L34-5 of the Post and Electronic Communications Code), which allows larger data holdings than brands do. " "The RGPD is a real business opportunity to focus on what is important for the opinion: the ownership of data," notes Thibault Joseph.
Elan Edelman's Associate Director recommends taking inspiration from the approach taken by OVH and its campaign in February 2018, via the #ReleaseLeContrôle, in favor of the specificities of its cloud: European, responsible and secure. "A compliant company can make its ethical approach an advantage," says Thibault Joseph.
Good practice: The AccorHotels DPO, Thomas Elm, admitted that the RGPD "leaves a field of possibilities and imposes few constraints". The brand takes the opportunity to educate business teams via a serious game and to collect data "really useful".
The Time Of The End Of The Cookies Rang
RGPD and ePrivacy, same fight? Both texts tend to be in the same basket regarding the end of cookies. And yet, if the European project ePrivacy (still under discussion) plans to entrust the browser - Chrome, Firefox, Safari or Internet Explorer - the task of collecting once and for all the authorization of the user, the European regulation does not integrate not this provision. "The RGPD marks the end of cookies ... not agreed, says Michaël Froment, director of Commanders Act, that is to say, that the informed, specific and explicit authorization of the user is required for any data collection ".
Good practice: Audiovisual groups have adopted the login approach for replay. France Télévisions goes further with its data friendly charter: the A / B brand tests its consent collection messages and indicates that it collects only the data needed to personalize the experience and refer video recommendations.
The RGPD Is An Anti-GAFA Weapon
"Many people think that the RGPD was designed to bring GAFA up to speed," explains Michaël Froment, "if the initial intention actually seemed to be this one, it is the European ecosystem that is likely to suffer more from the regulation. " For the professional, the GAFA have indeed an armada of lawyers able to defend them and despite the fact that these American giants are in the sights of the Cnil, they should get away without damage. "Especially in case of validation ePrivacy regulations that affect cookies, Google and Facebook are not concerned, because they have their own identification systems," said Michael Froment. Unless the recent scandal Cambridge Analytica does lastingly debut the image of the mastodon social networks: the day after the hearing of Mark Zuckerberg in front of US parliamentarians, one in four French plans to delete his Facebook account (Ifop).
Good practice: "The RGPD marks the test of truth," says Antoine Denoix, marketing and digital director of AXA. For the brand, this is the right time to (re) gain consumer confidence by being transparent in the data collection process and proving the benefit to users. Essential, when we know that 77% French indicates that the transparency of the brands will enter in the future in their criteria of purchase.
The RGPD Is A Legal Subject
"Even before going to the legislative court, the brand will have to defend itself before the opinion," says Thibault Joseph. Proof of this is that the subject goes beyond the legal framework. "It's a governance issue that can have an impact on the business, the continuity of service, and especially the consumer's trust capital in the brand," says Alan Edelman's managing director, who notes that brands still too often adopt this subject under a legal or IT prism.
For Sylvie Jonas, it is the legal departments who have "undertaken the steps of compliance, sensitized on the data prospects/customers and the responsibility of subcontractors". But, with the approach of privacy-by-design - which integrates from the conception of a project the organization and the processes allowing to a treatment of the personal data in the respect of the RGPD -, continues the lawyer, "cells made up of trades, including marketing, and legal and IT teams are now formed within brands."
Good practice: Mediapost has made RGPD a business project, supported by the COMEX. On the program: awareness of employees, including the respect of confidentiality clauses during departures. "It is very important to share the technical tips and best practices with all employees who manage data," explains Cathy Andrau, DGA of Mediapost.