Director of International Strategy
The prospect of a further tightening of regulations regarding the use of customer data across the UK and EU could have seemed like a disaster to a data-driven consultancy like TRG Arts.
Some of the initial ill-informed panic and scare stories in the arts sector around the implications of the General Data Protection Regulation (GDPR), which came into force in May 2018, certainly caught our attention. It is also fair to say there remains a lack of clarity around some of the implications of how GDPR will play out.
However, the more we researched what the regulations meant in practice and got to understand the key principles behind them, the more this appeared to be a sensible step in improving practice, and in building and maintaining trust with customers. In the context of recent global scandals regarding data privacy, there are lessons that could and should be learned by the leaders of TRG Arts clients around the world.
For me, the biggest reason to be cheerful about the implementation of GDPR was pushing customer data up the list of organizational priorities. Over the last twelve months, chief executives and boards of not-for-profits have been forced to think hard about their organization’s current practices regarding customer data. This has helped them understand how critical to business it is to have a clean and comprehensive database. In addition, it has also shone a light on how successful (or otherwise) their organization has been in collecting customer contact data and getting permissions to use it.
The result has been that GDPR could be viewed as a catalyst for a major bout of “spring cleaning” at arts organizations all around the UK. Digital data is being moved to one safe place: great for security and great for ensuring a holistic approach to CRM (Customer Relationship Management) systems. This “spring cleaning” will hopefully improve the organization’s understanding of the multiple touch-points they have with their customers and improve the relevancy of the communications their customers receive from the organization.
Should we need EU regulations to force us to tell our customers how we are using their personal data? Or, when there is so much concern about the evils of big data, should enlightened arts organizations all around the world be proactively telling their patrons how they care for it? Good practice is to be clear about the security of their information, what you are doing with it, and how you are sharing it.
Smart leaders of cultural organizations outside of the EU should be looking at how they can use the principles of GDPR to guide a more robust approach to data management and security that will help grow the trust and loyalty of their customers. An investment of time and effort now will both reduce the risk of an embarrassing loss of your customer data, and help position your organization as a dependable beacon of good practice.