
Subject: "Customer Lifetime Value Score ... or how I learned to stop worrying and"
MEAT
Member since Feb 08th 2008
17231 posts
Wed Dec-05-18 10:40 AM

"Customer Lifetime Value Score ... or how I learned to stop worrying and"


  

          

love the guillotine


——————-
Radio link

https://www.npr.org/sections/money/2018/11/07/665392227/your-lifetime-value-score

How long do you spend on hold? What kind of discounts do you get? These things could be determined by something called a Customer Lifetime Value score. This score is being used by companies across the economy and the results of those scores can be powerful.

————————

https://www.wsj.com/articles/on-hold-for-45-minutes-it-might-be-your-secret-customer-score-1541084656

It would be behind a paywall.

On Hold for 45 Minutes? It Might Be Your Secret Customer Score
Retailers, wireless carriers and others crunch data to determine what shoppers are worth for the long term—and how well to treat them

By Khadeeja Safdar
Nov. 1, 2018 11:04 a.m. ET

Two people call customer service at the same time to complain about the same thing. One waits a few seconds before a representative gets on the line. The other stays on hold. Why the difference?

There’s a good chance it has something to do with a rating known as a customer lifetime value, or CLV. That secret number is used by all manner of companies to measure the potential financial value of their customers.

Your score can determine the prices you pay, the products and ads you see and the perks you receive.

Credit-card companies use the scoring systems to decide what to offer customers who want to cancel their cards. Wireless carriers route high-value callers immediately to their most skilled agents. At some airlines, a high score increases the odds of a seat upgrade.

“There’s no free lunch,” says Sunil Gupta, a marketing professor at Harvard Business School who has researched models for calculating lifetime value. “The more profitable you are, the better service you will get.”

These days, companies are resorting to all sorts of data and scores to size up consumers and predict their behavior. Retailers use risk scores to try to limit merchandise returns and prevent e-commerce fraud. There are scores to measure the likelihood a person will become sick, cancel a subscription or bad-mouth a company.

Everyone with a bank account, cellphone or online shopping habit has at least one CLV score, more likely several. And most people have no inkling they even exist, let alone how they are used, what goes into them or how accurate they are. Unlike credit scores, CLVs aren’t available to consumers and aren’t monitored by any government agency.

“There needs to be a public conversation around the accuracy of the scores being used,” says Pam Dixon, executive director of the World Privacy Forum, a nonprofit digital-privacy research group. “You can essentially be accused of being cheap or a fraudster, and it may not even be true.”

To determine how the scores are compiled and how they are used, The Wall Street Journal interviewed data scientists who develop the models and employees of the software and analytics firms that help companies put them to use.

Most CLV score users contacted for this article declined to comment on how they score customers, citing competitive reasons. Many say the scores make them more comfortable offering costly services and products in the short term because they are confident they will pick up more business in the long term. Some say they aim to increase each customer’s lifetime value by encouraging repeat business.

In some respects, the scores are just a high-tech version of what shopkeepers have done for generations—make judgments on a customer’s value based on how they look or behave. As far back as 20 years ago, academics were publishing models to calculate the future value of customers.

Now there are hundreds of analytics firms that calculate customer lifetime value, each with its own approach. Some of them put a value on shoppers based simply on what they spend, while others use hundreds of data inputs, adding and deducting points for demographic information such as ZIP Codes or behavioral details such as the number of returns they make or when they shop.

“Not all customers deserve a company’s best efforts,” says Peter Fader, a marketing professor at the University of Pennsylvania’s Wharton School who helped popularize lifetime value scores. His scoring method is based on transaction history, which he says is all companies need to determine how customers will behave in the future. This year, he sold the firm he co-founded, Zodiac Inc., which performs such analysis, to Nike Inc.

The data that goes into a score can come from transaction records, website interactions, customer-service conversations, social-media profiles and third-party brokers such as Acxiom LLC and Alliance Data Systems Corp.’s Epsilon, which sell information on such things as the number of bedrooms in a house and the type of credit card someone carries. Each piece of data is weighted based on past patterns and perceived level of predictability.

Marital status is often factored in, with some companies assuming that singles are better customers, and others, the opposite. Age also is a common input, potentially penalizing older people because of their shorter projected lifespans.

Some retailers deduct points from shoppers who exhibit costly behaviors, such as buying things only when they are deeply discounted. Photo: Jeenah Moon/Bloomberg News

Some companies deduct points from shoppers who exhibit costly behaviors. Banks sometimes take into account the calls people make to customer-service agents or the number of times they visit branches. Online retailers track shoppers who buy things only when they are deeply discounted. People expected to cost more than they spend can have a negative score.

Computer systems sometimes tag customers as high-value or low-value. Marketing staffers or service agents gauge interactions based on the status. Vendors such as Zeta Global and Salesforce Inc. can automatically offer discounts and other incentives based on the scores.

Phone service

At wireless carriers such as Verizon Communications Inc. and Sprint Corp., lifetime value can determine marketing offers and other perks. At some carriers, high-value customers who are at risk of switching to another carrier are prioritized and get routed to a top-rated call center.

Verizon and Sprint declined to provide specifics about how they assess customer value. “The predominant way we route calls is based on the reason for the call,” says a Sprint spokeswoman. She says customer lifetime value is “one of many ways we guide customer interactions.”

Zeta Global, whose clients include wireless carriers, generates scores using data points such as the number of times a customer has dialed a call center and whether that person has browsed a competitor’s website or searched certain keywords in the past few days. The firm says it has a database of more than 700 million people, with an average of over 2,500 pieces of data per person.

When a person’s “churn” score, which predicts his or her chances of switching to another carrier, exceeds a certain threshold, Zeta’s system flags that customer to a customer-service agent. The higher the customer’s lifetime value, the more likely that Zeta will recommend responding to the customer more quickly and offering free phones and other perks, says David Steinberg, Zeta’s chief executive. “Most of this comes down to how you’re marketed to and how you’re treated,” he says.

Apparel

Apparel retailers often compare a shopper’s lifetime value with the cost of marketing to that person before deciding whether to woo him or her and how much money to spend doing so.

“What CLV does is allows us to see beyond the day-to-day to ensure we’re focused on the quality of the new customers we’re acquiring, not just the quantity,” says Ed Boyle, senior director of performance marketing at Bonobos, an apparel retailer acquired by Walmart Inc.

Apparel retailers such as Bonobos use customer lifetime values to assess the quality of new customers. Photo: Victor J. Blue/Bloomberg News

In a research paper last year, ASOS, an online retailer, said it scores shoppers on over 100 data inputs, including a customer’s age and location. Since ASOS doesn’t recoup delivery costs for returned items, “customers can easily have negative lifetime value,” the paper said. The company declined to comment on the paper.

Brad Birnbaum, chief executive of customer-service platform Kustomer Inc., says some of his e-commerce clients use scores, including CLV, to respond to email inquiries. “If you’ve got an angry shopper with a high lifetime value, you might want to bump up the priority,” he says.

Shoppers with higher scores, however, won’t necessarily get the best deals all the time, says Jerry Jao, chief executive of Retention Science, which has worked for companies such as Target Corp. and Procter & Gamble Co. Retailers sometimes withhold discounts to high-value customers until they are at risk of losing them. “Why waste a 25% offer when the person is going to buy anyway?” Mr. Jao says.

Cars

At auto dealerships, a high score can mean access to loaner cars, preferential service slots and special events, says Scot Eisenfelder, chief executive of Affinitiv Inc., which uses lifetime value to create marketing campaigns for dealerships. The scoring helps dealerships weed out costly customers. “This is what you call grinders—people who visit 16 stores to get the absolute lowest price,” he explains.

Mr. Eisenfelder says his firm develops scores by crunching data on things such as previous car purchases, whether a household has a teenager, where else a person has shopped and ZIP Codes, which can be used as a proxy for income. Someone who has a Neiman Marcus credit card is going to be more valuable for a car dealership than someone with a credit card from a discount chain, he says.

At auto dealerships, a high score can mean access to loaner cars, preferential service slots and special events. Photo: David Paul Morris/Bloomberg News

Air travel

At airlines, CLV scores incorporate frequent-flier information and other data. A high score can increase a person’s chances of getting seat upgrades or better service, says Laks Srinivasan, co-chief operating officer of Opera Solutions LLC, which works with airlines, retailers, banks and other companies.

The firm’s scores can draw from more than 5,000 data “signals” per customer, Mr. Srinivasan says, translating them into recommendations for flight attendants, gate agents and other personnel. The company tracks, for example, the number of times a person calls to complain over the prior 90 days, which can affect the CLV.

An airline can compare how often a shopper complains with his or her lifetime value and customer experience score, which measures inconveniences such as number of times in the middle seat, flight delays and lost bags.

“A high-value customer who had a real service disruption and never calls to complain should be compensated more quickly than someone who is complaining and costing time and money,” Mr. Srinivasan says.

Credit cards

To calculate lifetime value, credit-card companies analyze spending behavior, payment history and credit scores, among other things. “Banks know what you buy, and where and when you buy it,” says Arpan Dasgupta, head of financial services and telecom practices at Fractal Analytics, which helps companies analyze customer data. “It’s powerful data that can be useful for CLV.”

The score can determine which customers receive credit-card offers and other incentives. When customers call to cancel at a card company such as American Express Co., their relationship with the issuer and past spending behavior are some of the criteria used to determine what perks will be offered to retain them.



-------
“There is no fate that cannot be surmounted by scorn.” -Albert Camus

  


ambient1
Member since May 23rd 2007
41020 posts
Wed Dec-05-18 10:45 AM

1. "there's some truth to this"
In response to Reply # 0


  

          

=======================================
Coolin...

  

MEAT
Member since Feb 08th 2008
17231 posts
Wed Dec-05-18 10:48 AM

2. "To what"
In response to Reply # 1


  

          

-------
“There is no fate that cannot be surmounted by scorn.” -Albert Camus

  

ambient1
Member since May 23rd 2007
41020 posts
Wed Dec-05-18 11:28 AM

3. "the whole thing...'scoring' the customer and it determining"
In response to Reply # 2
Wed Dec-05-18 11:30 AM by ambient1

  

          

the level of service/benefits that are applied...

this is my line of work

but they're phrasing it as though bad/broke customer (in their view) = bad service and that's not necessarily the case


example...in healthcare...I've seen one highly known insurance company prioritize the service of Congressional members(and family) over literally ANY and EVERYONE while their base customer is everyday government/private industry employees


basically if your state college's football coach, let's say...Urban Meyer who makes @ 5 mill a year vs. Idk....Orrin Hatch's son... the latter gets the gold star treatment

=======================================
Coolin...

  

MEAT
Member since Feb 08th 2008
17231 posts
Wed Dec-05-18 11:33 AM

4. "Who writes the equations and what data sets do they use for control"
In response to Reply # 3
Wed Dec-05-18 11:38 AM by MEAT

  

          

Like it’s really easy to write an equation that “fits” the assumptions

Age, income, zip code

But what do they use for control and if you rank the people highly that have a lot of money anyways but fall outside of that equation then it’s a shit equation.

I’m willing to bet dollars to donuts that the equations reinforce asymmetry rather than help make quicker or better decisions AND that there are nearly universally zero plans to evaluate effectiveness of these programs internally.

-------
“There is no fate that cannot be surmounted by scorn.” -Albert Camus

  

ambient1
Member since May 23rd 2007
41020 posts
Wed Dec-05-18 12:02 PM

9. "Someone like myself in conjunction with 'corp. leadership' lol"
In response to Reply # 4
Wed Dec-05-18 12:03 PM by ambient1

  

          

like there's a bazillion factors that go in but in the end

it's just like everything else... leadership normally 'sticks to their guns' when it comes time to make decisions despite the data...


it's slowly moving toward consumers having more of a voice (it's a growing industry) but it all boils down to leadership


in the example that I provided...that org operates almost like a government entity...they don't necessarily have the 'competition' in their marketplace so they can and do bully customers into whatever they decide....like the absolute bottom of their priority list is you and me...it's odd and I don't think most people are aware of how they get down but yeah...they would rather prioritize congressmen and place your everyday joe who literally contributes the most to their capital at the absolute bottom ....even over the medical providers that are calling to collect $ from em

competitive companies(telecom, retail, etc.) are more receptive to strategies based around customers

=======================================
Coolin...

  

tourgasm
Member since Sep 06th 2014
314 posts
Wed Dec-05-18 12:13 PM

10. "what is your job title"
In response to Reply # 9


          

what industry specifically do you work in?

  

ambient1
Member since May 23rd 2007
41020 posts
Wed Dec-05-18 12:22 PM

11. "Business Analyst"
In response to Reply # 10
Wed Dec-05-18 12:24 PM by ambient1

  

          

currently -- with the state government
formerly -- with the fed government


while with the former, worked in/with the technology and companies who come up with all the cool toys

=======================================
Coolin...

  

tariqhu
Charter member
13839 posts
Wed Dec-05-18 11:37 AM

5. "I might call amex and "
In response to Reply # 0


          

see what they offer if I cancel. I wonder how much my interest
rate is affected by these scores. 

2 things I find pretty interesting. one statement about all
customers don't deserve the company's best effort. that's
counter to pretty much all the stuff we're told about how
companies operate.

the other was tracking where you spend your money to get a
gauge of your income. just makes me curious how the math on
that. 

nah, you trippin

  

FLUIDJ
Member since Sep 18th 2002
40254 posts
Thu Dec-06-18 07:16 AM

19. "You must have a low CLV on OKP because your font is jacked UP fam..."
In response to Reply # 5


  

          

"Get ready....for your blessing....."

  

tariqhu
Charter member
13839 posts
Fri Dec-07-18 10:14 AM

22. "yeah, I don't know wtf happened."
In response to Reply # 19


          

nah, you trippin

  

legsdiamond
Member since May 05th 2011
58260 posts
Wed Dec-05-18 11:38 AM

6. "When I call customer service I press zero until I get someone "
In response to Reply # 0


          

Sometimes I get the “Can we call you back” option

I want the lowest price possible using the easiest method possible.

Don’t have the time to worry about what these people do with my transaction history.

shut up already, damn

  

MEAT
Member since Feb 08th 2008
17231 posts
Wed Dec-05-18 11:41 AM

7. "What’s to stop this data set being sold/loaned when you try to get a j..."
In response to Reply # 6


  

          

Or when you’re trying to get your kids into school
Or when you apply for that next loan
Or when you want to move neighborhoods to get your kids into better public school
Or when you’re old and need to get into a home
Or when there’s only a few beds left in the hospital
Or when you need medical assistance on a plane but have been deemed unruly
Or when you get shot by the police and they’re trying to work out your life insurance policy for lifetime lost income in settlement?

-------
“There is no fate that cannot be surmounted by scorn.” -Albert Camus

  

legsdiamond
Member since May 05th 2011
58260 posts
Wed Dec-05-18 12:22 PM

12. "We can’t stop it"
In response to Reply # 7


          

shut up already, damn

  

MEAT
Member since Feb 08th 2008
17231 posts
Wed Dec-05-18 12:32 PM

13. "How’d you get from I don’t willingly want to participate to trying to ..."
In response to Reply # 12
Wed Dec-05-18 12:36 PM by MEAT

  

          

Stop them?
It’s a leap.

-------
“There is no fate that cannot be surmounted by scorn.” -Albert Camus

  

legsdiamond
Member since May 05th 2011
58260 posts
Wed Dec-05-18 12:36 PM

14. "What’s to stop this data being sold? Answer: We can’t stop it"
In response to Reply # 13


          

shut up already, damn

  

MEAT
Member since Feb 08th 2008
17231 posts
Wed Dec-05-18 12:44 PM

15. "I disagree. The UK has shown a path forward with data privacy "
In response to Reply # 14


  

          

But it first starts with a will of the people.

-------
“There is no fate that cannot be surmounted by scorn.” -Albert Camus

  

Stadiq
Member since Dec 21st 2005
2785 posts
Wed Dec-05-18 06:20 PM

17. "what has the UK done?"
In response to Reply # 15


          

  

MEAT
Member since Feb 08th 2008
17231 posts
Wed Dec-05-18 06:46 PM

18. "RE: what has the UK done?"
In response to Reply # 17


  

          

The most direct things are duty to notify and simplified agreements
It’s why nearly EVERY site you access now asks you if you consent to cookies
Also actual fines and enforcement mechanisms
Which allowed them to seize a trove of Facebook paperwork last week.

https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/

What does GDPR stand for?

General Data Protection Regulation.

How did it come about?

In January 2012, the European Commission set out plans for data protection reform across the European Union in order to make Europe 'fit for the digital age'. Almost four years later, agreement was reached on what that involved and how it will be enforced.

One of the key components of the reforms is the introduction of the General Data Protection Regulation (GDPR). This new EU framework applies to organisations in all member-states and has implications for businesses and individuals across Europe, and beyond.

"The digital future of Europe can only be built on trust. With solid common standards for data protection, people can be sure they are in control of their personal information," said Andrus Ansip, vice-president for the Digital Single Market, speaking when the reforms were agreed in December 2015.

What is GDPR?

At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

The reforms are designed to reflect the world we're living in now, and bring laws and obligations - including those around personal data, privacy and consent - across Europe up to speed for the internet-connected age.

Fundamentally, almost every aspect of our lives revolves around data. From social media companies, to banks, retailers, and governments -- almost every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more all collected, analysed and, perhaps most importantly, stored by organisations.

What is GDPR compliance?

Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it -- and those people often have malicious intent.

Under the terms of GDPR, not only will organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners - or face penalties for not doing so.

Who does GDPR apply to?

GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU which offer goods or services to customers or businesses in the EU. That ultimately means that almost every major corporation in the world will need to be ready when GDPR comes into effect, and must start working on their GDPR compliance strategy.

There are two different types of data-handlers the legislation applies to: 'processors' and 'controllers'. The definitions of each are laid out in Article 4 of the General Data Protection Regulation.

A controller is "person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data", while the processor is "person, public authority, agency or other body which processes personal data on behalf of the controller". If you are currently subject to the UK's Data Protection Act, for example, it's likely you will have to look at GDPR compliance too.

"You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR," says the UK's Information Commissioner's Office, the authority responsible for registering data controllers, taking action on data protection and handling concerns and mishandling data.

GDPR ultimately places legal obligations on a processor to maintain records of personal data and how it is processed, providing a much higher level of legal liability should the organisation be breached.

Controllers will also be forced to ensure that all contracts with processors are in compliance with GDPR.

General Data Protection Regulation: What does it mean for you? Image: iStock

What is personal data under the GDPR?

The types of data considered personal under the existing legislation include name, address, and photos. GDPR extends the definition of personal data so that something like an IP address can be personal data. It also includes sensitive personal data such as genetic data, and biometric data which could be processed to uniquely identify an individual.

When does GDPR come into force?

GDPR will apply across the European Union from 25 May 2018, and all member nations are expected to have transferred it into their own national law by 6 May 2018.

Following four years of preparation and debate, GDPR was approved by the European Parliament in April 2016 and the official texts and regulation of the directive were published in all of the official languages of the EU in May 2016.

GDPR comes into force on 25 May 2018. Image: iStock

What's the GDPR compliance deadline?

As of 25 May 2018, all organisations are expected to be compliant with GDPR.

How does Brexit impact on GDPR?

The UK is set to leave the EU on 29 March 2019, a little over ten months after GDPR comes into force. The UK government has said this won't impact on GDPR being enforced in the country, and that GDPR will work for the benefit of the UK despite the country ceasing to be an EU member. So Brexit is unlikely to have any impact on an organisation's GDPR compliance requirements.

What does GDPR mean for businesses?

GDPR establishes one law across the continent and a single set of rules which apply to companies doing business within EU member states. This means the reach of the legislation extends further than the borders of Europe itself, as international organisations based outside the region but with activity on 'European soil' will still need to comply.

It's hoped that by slim-lining data legislation with GDPR, it can bring benefits to businesses. The European Commission claims that by having a single supervisor authority for the entire EU, it will make it simpler and cheaper for businesses to operate within the region. Indeed, the Commission claims GDPR will save €2.3 billion per year across Europe.

"By unifying Europe's rules on data protection, lawmakers are creating a business opportunity and encouraging innovation," the Commission says.

What that means, they say, is regulation will guarantee data protection safeguards are built into products and services from the earliest stage of development, providing 'data protection by design' in new products and technologies.

Organisations will also be encouraged to adopt techniques like 'pseudonymization' in order to benefit from collecting and analysing personal data, while the privacy of their customers is protected at the same time. (Although some groups have argued that this already comes too late, given the number of connected devices in the world.)

What does GDPR mean for consumers/citizens?

Because of the sheer number of data breaches and hacks which have occurred over the years, the unfortunate reality for many is that some of their data -- be it an email address, password, social security number, or confidential health records -- has been exposed on the internet.

One of the major changes GDPR will bring is providing consumers with a right to know when their data has been hacked. Organisations will be required to notify the appropriate national bodies as soon as possible in order to ensure EU citizens can take appropriate measures to prevent their data from being abused.

Consumers are also promised easier access to their own personal data in terms of how it is processed, with organisations told that they need to detail how they use customer information in a clear and understandable way.

Some organisations have already moved to ensure this is the case, even if it is as basic as sending customers emails with information on how their data is used and providing them with an opt-out if they don't issue their consent to be a part of it. Many organisations, such as those in the retail and marketing sectors, have contacted customers to ask if they want to be a part of their database.

In these circumstances, the customer should have an easy way of opting out of their details being on a mailing list. Meanwhile, some other sectors have been warned that they have a lot more to do in order to ensure GDPR compliance - especially when consent is involved.

GDPR is also set to bring a clarified 'right to be forgotten' process, which provides additional rights and freedoms to people who no longer want their personal data processed to have it deleted, providing there's no grounds for retaining it.

Organisations will need to keep these consumer rights in mind once GDPR comes into force.

Is this privacy email really from an actual company? Could it be a scam?

Organisations of all sizes in all sectors are sending customers emails, asking them to opt-in in order to keep receiving messages and other marketing material. For the most part, if the customer does want to remain on the list, they just need to click the part of the email that tells the company they wish to remain in touch.

However, with so many organisations sending out emails on GDPR, criminals and scammers have taken it up as a prime opportunity to send out phishing emails in order to catch people unaware - especially given how people might be receiving more emails from organisations than usual right now.

Researchers at Redscan uncovered one of these schemes, which sees criminals posing as Airbnb and claiming that the user won't be able to accept new bookings or send messages to prospective guests until a new privacy policy is accepted. The attackers specifically mention new EU privacy policy as the reason for the message being sent.

However, those behind this scheme are very much leveraging GDPR in order to steal information, because while the real Airbnb message doesn't ask for any information, those who receive the fake message are asked for their personal information, including account credentials and payment card information.

It's unlikely to be the only attempt by criminals to piggyback on GDPR for their own gain.

What is a GDPR breach notification?

Once GDPR comes into force, it'll introduce a duty for all organisations to report certain types of data breaches which involve unauthorised access to or loss of personal data to the relevant supervisory authority. In some cases, organisations must also inform individuals affected by the breach.

Organisations will be obliged to report any breaches which are likely to result in a risk to the rights and freedoms of individuals and lead to discrimination, damage to reputation, financial loss, loss of confidentiality, or any other economic or social disadvantage.

In other words, if the name, address, date of birth, health records, bank details, or any private or personal data about customers is breached, the organisation is obliged to tell those affected as well as the relevant regulatory body so everything possible can be done to restrict the damage.

This will need to be done via a breach notification, which must be delivered directly to the victims. This information may not be communicated only in a press release, on social media, or on a company website. It must be a one-to-one correspondence with those affected.

Under GDPR, when does an organisation need to make a notification about a breach?

The breach must be reported to the relevant supervisory body within 72 hours of the organisation first becoming aware of it. Meanwhile, if the breach is serious enough to mean customers or the public must be notified, GDPR legislation says customers must be made responsible without 'undue delay.'

What are the GDPR fines and penalties for non-compliance?

Failure to comply with GDPR can result in a fine ranging from 10 million euros to four per cent of the company's annual global turnover, a figure which for some could mean billions.

Fines will depend on the severity of the breach and on whether the company is deemed to have taken compliance and regulations around security in a serious enough manner.

The maximum fine of 20 million euros or four percent of worldwide turnover -- whichever is greater -- is for infringements of the rights of the data subjects, unauthorised international transfer of personal data, and failure to put procedures in place for or ignoring subject access requests for their data.

A lower fine of 10 million euros or two percent of worldwide turnover will be applied to companies which mishandle data in other ways. They include, but aren't limited to, failure to report a data breach, failure to build in privacy by design and ensure data protection is applied in the first stage of a project and be compliant by appointing a data protection officer -- should the organisation be one of those required to by GDPR.

What's in a GDPR-compliant breach notification?

In the event of a company losing data, be it as a result of a cyberattack, human error or anything else, the company will be obliged to deliver a breach notification.

This must include approximate data about the breach, including the categories of information and number of individuals compromised as a result of the incident and the categories and approximate numbers of personal data records concerned. The latter takes into account how there can be multiple sets of data relating to just a single individual.

Organisations will also need to provide a description of the potential consequences of the data breach, such as theft of money, or identity fraud, and a description of the measures which are being taken to deal with the data breach and to counter any negative impacts which might be faced by individuals.

The contact details of the data protection officer, or main point of contact dealing with the breach, will also need to be provided.

When do we need to appoint a Data Protection Officer?

Under the terms of GDPR, an organisation must appoint a Data Protection Officer (DPO) if it carries out large-scale processing of special categories of data, carries out large scale monitoring of individuals such as behaviour tracking or is a public authority.

In the case of public authorities, a single DPO can be appointed across a group of organisations. While it isn't mandatory for organisations outside of those above to appoint a DPO, all organisations will need to ensure they have the skills and staff necessary to be compliant with GDPR legislation.

There's no set criteria on who should be a DPO or what qualifications they should have, but according to the Information Commissioner's Office, they should have professional experience and data protection law proportionate to what the organisation carries out.

Failure to appoint a data protection officer, if required to do so by GDPR, could count as non-compliance and result in a fine.

What does GDPR compliance look like?

GDPR might seem complex, but the truth of the matter is that for the most part, the legislation is consolidating principles which currently form part of the UK's Data Protection Act.

However, there are elements of GDPR such as breach notification and ensuring that someone is responsible for data protection which organisations need to address, or run the risk of a fine.

There's no 'one size fits all' approach to preparing for GDPR. Rather, each business will need to examine what exactly needs to be achieved to comply and who is the data controller who has taken responsibility for ensuring it happens.

"You are expected to put into place comprehensive but proportionate governance measures," says the UK's ICO. "Ultimately, these measures should minimise the risk of breaches and uphold the protection of personal data. Practically, this is likely to mean more policies and procedures for organisations, although many organisations will already have good governance measures in place."

That could be the responsibility of an individual in a small business, or even a whole department in a multinational corporation. Either way, budget, systems and personnel will all need to be considered to make it work.

Under the GDPR provisions that promote accountability and governance, companies need to implement appropriate technical and organisational measures. These could include data protection provisions (staff training, internal audits of processing activities, and reviews of HR policies), as well as keeping documentation on processing activities. Other tactics that organisations can look at include data minimisation and pseudonymisation, or allowing individuals to monitor processing, the ICO said.

In preparing for GDPR, bodies such as the ICO offer general guidance on what should be considered. All organisations will need to ensure they've carried out all the necessary impact assessments and are GDPR compliant come 25 May 2018 or risk falling foul of the new directives.

GDPR is here, so what now?

As of May 25th, GDPR has now come into force, with the days and weeks prior to it seeing a surge in companies sending emails to customers asking them to opt-in to new privacy and consent policies. Emails came so thick and fast in the last 24 hours, that many web users felt overwhelmed.

In the run up to the date, some organisations and platforms, including social media site scoring site Klout simply shut down operations - Klout didn't explicitly point to GDPR, but the date of May 25th probably isn't a coincidence. It isn't the only service to shut down operations or restrict access to European users.

European users who visited high profile US news websites such as The LA Times, The Chicago Times and The Baltimore Sun on the morning of May 25th found that they weren't able to access the websites, with the publishers pointing to GDPR as the reason.

"Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and are committed to looking at options that support our full range of digital offerings in the EU market," said a statement on the Los Angeles Times website.

Similar statements were posted across news publications operated by the Lee Enterprises and Tronc groups.

Denying users access to products - at least for the time being - is viewed by many as a price worth paying to avoid potential fines. Although some would ask the question, what were they doing with user data and what consent did they have?

What has GDPR changed since it was introduced?

As of August, those issues with US publishers still haven't been resolved, with the likes of Tronc still displaying the same apology to users in Europe.

Publishers aren't the only organisations which are having to come to terms with the new reality as some of the largest technology companies including Facebook say they've started to feel the bite of GDPR. The social network has blamed GDPR for a decline of about a million monthly users during the second quarter of the year, as well as a dip in advertising revenue growth within Europe.

Organisations of all sizes have found themselves hit to some extent, by users who didn't provide consent for their data to be used when offered the chance to opt in.

Analysts at Forrester say many companies have reported a decrease of between 25 percent and 40 percent of their addressable market for emails and other forms of contact.

As a result, many companies find themselves having to think about new methods of attracting consumers and generating revenue. Analyst Gartner has suggested that some companies may have to rethink their data center strategy as a result of legislation such as GDPR.

-------
“There is no fate that cannot be surmounted by scorn.” -Albert Camus

  


Marauder21
Charter member
47787 posts
Wed Dec-05-18 11:48 AM

8. "When are they going to start ripping off the fun Black Mirror episodes?"
In response to Reply # 0


  

          

------

12 play and 12 planets are enlighten for all the Aliens to Party and free those on the Sex Planet-maxxx

XBL: trkc21
Twitter: @tyrcasey

  


mista k5
Member since Feb 01st 2006
8328 posts
Wed Dec-05-18 12:54 PM

16. "i think they should be able to use data from their services"
In response to Reply # 0


  

          

all customers need to have a baseline level of service. perks can be offered to their "ideal" customers based on the customers history with them.

getting social media data or third party data? no good.

  


BrooklynWHAT
Member since Jun 15th 2007
76971 posts
Thu Dec-06-18 09:37 AM

20. "sales 101"
In response to Reply # 0


  

          

<--- Big Baller World Order

  


    
MEAT
Member since Feb 08th 2008
17231 posts
Thu Dec-06-18 09:56 AM

21. "Never mind "
In response to Reply # 20
Thu Dec-06-18 09:59 AM by MEAT

  

          

Nm

-------
“There is no fate that cannot be surmounted by scorn.” -Albert Camus

  
