ASK THE EXPERTS – Downloadable insights

Great insight from Bench!

You can now download our latest ‘Ask the Experts’ Disruption report

 

Please have a look at our previous reports:

‘Ask the Experts’ GDPR report

‘Ask the Experts’ report on Unleashing Marketing and Data Technology’s true potential

‘Ask the Experts’ report on Key Marketing and Data Opportunities and Challenges for 2017 and beyond

Welcome to the new Bench Talent website!

Welcome to the new Bench Talent website!

It’s a really exciting time for the Bench Talent team, as we unveil our new website and branding to the world. It’s been a lot of hard work, but we’re really proud of the result and see it as testament to the amazing growth and success we’ve achieved over the last three years.

When we first started out in 2015 we were a team of one as part of the wider Bench offering. Now we are team of 8, and to date have placed 100 candidates in permanent, temporary and contract digital, marketing, data and technology roles.

We first launched Bench Talent to offer an alternative to ‘Big Recruitment’. We wanted to do things differently in an industry where all too often quantity is valued over quality and not enough time is spent asking the right questions or properly communicating with clients and candidates. This is something we’re still incredibly passionate about and we think it is a real cornerstone of our success.

We also know that a lot of our success is due to the great people we work with, and the long-term relationships we’ve built up with clients and candidates.

While we’re delighted with our new website and branding, we are still very much part of the Bench family. This gives us the fairly unique position of being able to draw on an exceptional set of skills and market insight, gained from years of practical experience. In addition, through Bench’s associate partner network, we have access to the subject matter experts in data and marketing technology.

So, please come and pay us a visit at www.benchtalent.co.uk, where you you’ll be able to find all the latest information about the roles we’re looking to fill, as well as our specialist insight into the marketing, data, digital and technology recruitment marketplace.

We look forward to seeing you soon.

 

You can also visit our new LinkedIn and Twitter pages.

 

GDPR opportunities – the road to positive compliance and best practice data management

GDPR opportunities – the road to positive compliance and best practice data management

While ensuring compliance with GDPR is of course hugely important, those that treat it merely as a tick box exercise will ultimately fail in this new consumer democracy. GDPR offers a unique opportunity to develop completely new ways of working that are based on the key principles of trust and transparency. In the long-term those businesses that embrace this culture-shift most successfully (and truthfully!) will emerge with a competitive advantage over those that don’t commit so genuinely.

Consumer behavior and attitudes continue to evolve at an astonishing rate and in often-unpredictable ways but who they are and what interests them will remain either unchanged or be clear to discern. The brands that they invest in, financially and emotionally don’t necessarily need to fall-away as a result of these new consumer trends. If organisations have the right level of trust, their customers will choose to share their new behaviours and preferences with you, knowing that they will protect their personal data and respect their privacy at all times.

Beyond big data: smart data

One of the greatest failures of ‘big data’ is that it encouraged harvesting as much data as possible without necessarily asking why this data was needed and how it was going to be used. GDPR will break this cycle, turning big data into smart data. Now organisations will need to ask themselves why they want it and what they are planning on using it for. If everyone had done this years ago, then it would have made aspects such as personalisation much easier.

Going forward, it will be easier for businesses to ensure they are looking at customer engagement across the entire life cycle and not just as a marketing exercise. Storing customer data for the benefit of the customer has to be the mantra, and organisations will need to have a clear vision and a wide understanding of what benefits and customer experience improvements will result from its use and communicate this to their customers.

Taking data into the boardroom

GDPR will also go a long way towards engraining a long-needed organisation-wide appreciation of just how much customer data is being collected and stored across businesses.

At Bench, we spend a large amount of time talking to businesses about data-centricity and using customer-data in every aspect of their strategic and operational planning to improve efficiencies, develop better products, offer better service and anticipate developing customer needs. However, we often hit a brick wall in terms of elevating that conversation beyond the users of data and analytics.

GDPR will bring data into the Boardroom and hopefully alongside the regulatory impetus to properly protect and use consumer data, leaders beyond the CMO and CIO functions will more actively support the critical process of data democratisation and normalisation, which are so key to achieving customer-centricity.

New value exchange

GDPR offers a real opportunity for organisations to review current practices and get their data management and governance in order. Advocates of data value management have long urged organisations to see data as a corporate asset and now is the perfect time to do that.

By establishing what ‘good’ looks like (something that will vary depending on the nature of a particular business) and constantly asking ‘where’s the value?’, organisations can start to better measure the effectiveness of their data strategy and in turn make more use of data to improve the customer experience.

As well as harnessing data to improve the customer journey, GDPR presents a real chance for businesses to re-engage with customers and educate them on the benefits of data sharing. People will be happy to grant access to their data if their needs are being met.

By taking this approach, businesses can also get ahead of the game in terms of allaying any fears individuals may have around how their data is gathered and used. Showing that they have strong, secure data governance strategies in place can go a long way in fostering consumer trust and helping to build strong brand relationships, something which is good for everyone.

Data really does have the scope to revolutionise customer experience, but in order to gain access to good data organisations need to establish trust and to get that trust they need to be transparent.

We strongly urge all businesses not to hide behind GDPR, but to come out and lead with transparency by handing control of data back to customers. Those that do this will be the trailblazers of the future.

Our current ‘Ask the Expert’ GDPR report has been produced in partnership with one of our Group Companies, Response One and one of our Partner organisations, MyLife Digital.

To read the report in full, register to receive it here: ‘Ask the Experts’ GDPR report

Talk to us if you want to learn more. 

GDPR checklist – the road to positive compliance and best practice data management

GDPR checklist – the road to positive compliance and best practice data management

MyLife Digital, an organisation that empowers businesses and individuals to realise the meaning, value and power of their data, has compiled the ultimate GDPR checklist, which sets out activities you will need to consider – and act on – by the compliance deadline of 25th May 2018.

Organisation

  • My board understands and supports GDPR
  • We have checked we use plain English
  • We have assessed and updated our privacy policy
  • We have a data protection officer
  • We know which departments will be impacted
  • We have assessed the level of corporate risk
  • We understand how we communicate with our supporters
  • We can be fully accountable

Processes and systems

  • We know the source of all data
  • We know what data we are holding
  • We are transparent about the use and sharing of data
  • We can clearly demonstrate that we have consent to use this data
  • We have processes in place to delete data
  • We have systems in place to manage a data breach
  • We can comply with an individual’s right to portability 

Technology

  • We can provide details of all data electronically
  • All data is securely stored and safely encrypted
  • We can fulfil the ‘right to be forgotten’
  • All new technology has privacy by design built-in

Information and rights of access

  • We have updated all our permission statements and they are ready for GDPR
  • Individuals can easily find out what information we hold on them
  • We can verify individual’s ages and identify children for specific consent
  • We have developed template responses
  • We know what additional information needs to be collected to adhere to GDPR

Next steps

  • We have tested an individual’s experience when requesting consent
  • Individual’s can access their own data and update their preferences
  • We can put it right if we get it wrong
  • We can restrict profiling
  • All departments are fully aware of policies, procedures and the new GDPR regulations

Our current Ask the Expert’ GDPR report has been produced in partnership with one of our Group Companies, Response One and one of our Partner organisations, MyLife Digital.

To read the report in full, register here to receive your copy ‘Ask the Experts’ GDPR report

Talk to us if you want to learn more. 

Steps to success – the road to positive compliance and best practice data management

Key steps to GDPR success

Understanding the requirements of GDPR is one thing, but being able to translate this into compliance is something else entirely. And of course the larger the organisation, the more complex the process.

With this in mind, what can organisations do to ensure they comply?

1. Map your data flow: conduct an audit

This is perhaps the most important step, and the one which every other element of GDPR compliance is built on. Get the discovery phase right and the rest will follow, get it wrong and the entire process will be beset with problems. By conducting an audit organisations can establish:

  • What data has been collected
  • Where it is being stored
  • Who is using the data
  • Why the data is being collected and its purpose
  • When permission was granted
  • Where permission was granted

This needs to be extremely detailed, right down to the level of where in a building VRNs are stored.

As part of this process, businesses can also determine which legal definition they are processing data under. They will also be able to highlight where they may need to go through a re-consent process with customers, which can act as a great way to reconnect with individuals.

2. Examine your privacy policy

Providing privacy information is already a requirement under the DPA, but GDPR takes it a step further. It has a specific emphasis on making privacy notices understandable, transparent and accessible. Best practice here is to explain with each piece of data collected why it is being collected and how it will be used. This will make it easier for individuals to understand and also be repeatedly informed about how their data is being stored and used.

Of course the level of detail needed in a privacy policy will depend on the type of organisation. For a mail order company who just needs to collect names and addresses it will be fairly straightforward, for a large organisation such as Sky, it will be far more complicated.

What remains the same, regardless of the size of organisation or sector, is the need to take the opportunity to help empower customers and build trust. For example, organisations could look to integrate a permissions management dashboard into their privacy policies, which will not only give customers greater control, but will also enable businesses to use data more effectively.

3. Appoint a Data Protection Officer

Having a suitably knowledgeable person or team of people that focus solely on data protection is not a prerequisite of GDPR, but it will hugely help in complying with it and with data management and governance generally.

If there is not someone with this expertise already in the team, then businesses need to act now to train or recruit someone.

Their role will be two-fold, to act as someone individuals can contact regarding their personal data and also to cascade out information about GDPR and data protection across their organisation.

The Data Protection Officer will also be key in helping to gain board level support, as once this is in place then half the battle is already won.

4. Educate everybody

Every single person within an organisation needs to understand the importance of GDPR and that there is a fundamental move within the organisation to treat data differently going forward.

This again demonstrates why a Data Protection Officer is so vital as they will play a pivotal role in ensuring this happens.

As GDPR compliance essentially involves implementing a new data strategy, it is especially important that the board fully understands the impact of GDPR and is on-board with making resources available to implement the changes.

 5. Communicate externally

Once everyone internally understands the new data strategy and is aware of the role they need to play, businesses can then communicate their new approach externally.

It is hard to impress how important transparency with customers here is – and not for the sake of compliance with the new regulations, but for the good of the company as a whole.

Our current ‘Ask the Experts’ GDPR report has been produced in partnership with one of our Group Companies, Response One and one of our Partner organisations, MyLife Digital.

Talk to us if you want to learn more. 

New data rights – the road to positive compliance and best practice data management

New data rights

Under existing laws, ‘data subjects’ (customers) have:

  • The right to object to processing for direct marketing
  • Right to be forgotten (e.g. Google’s online search results)
  • The right to make Subject Access Requests (SARs)

However, under GDPR legislation, customers will be able to still object to processing for direct marketing, but will also have:

  • A right to object to automated processing (profiling) for legitimate interests
  • The right to be forgotten becomes ‘the right to erasure’, which enables data customers to request personal data to be erased ‘without undue delay’
  • Subject Access Requests must now be free of charge
  • The right to rectification, allowing people to correct personal data about them that is inaccurate, and request the completion of incomplete data
  • The right ‘not to be subject to a decision’ when:
    • It is based on automated processing, and;
    • It produces a legal effect (or similarly significant effect) on them
  • The right to data portability, this is a new addition to the regulations and critics fear that it could lead to disproportionate compliance costs. It requires organisations to hand over personal data to a customer in a usable, transferable format for further use by the data subject. For example, if an individual wishes to switch between service providers.
    • One outcome of this may well be that a new sector of ‘data aggregation’ service providers comes into being. Imagine a proposition whereby all your credit card spending, loyalty rewards and personal expenditure data were aggregated and curated in a live dashboard for you to access and from which personalised ‘advice’ or guidance might be forthcoming. Add to this data from smart meters, online browsing and voice-activated personal assistants and it’s not hard to imagine a huge swathe or live customer data being transferred on a daily basis from multiple sources to a nominated ‘custodian’ of a consumer’s data.
    • It is this obligation to make data available and to transmit it that holds a significant degree of fear for those businesses that understand where the consumer democracy is ultimately heading.

What this all essentially boils down to is that organisations need to better understand what data they hold, why they hold it, how they have gained permission to hold it and whom they are sharing the information with.

They then need to ensure they are being upfront and transparent in effectively communicating this with customers, as well a giving individuals the opportunity to control their own data.

 

Our current ‘Ask the Experts’ GDPR report has been produced in partnership with one of our Group Companies Response One and one of our Partner organisations MyLife Digital.

To read the report in full, register here to receive your copy ‘Ask the Experts’ GDPR report

Talk to us if you want to learn more. 

Know your legal basis – the road to positive compliance and best practice data management

Know your legal basis and consent mechanism

Under GDPR, organisations will need to process data using one or more of the below legal basis:

  • Legal necessity
  • Vital – (such as in cases of medical emergencies or life or death)
  • Public knowledge
  • Execution of contract
  • Legitimate interest
  • Consent

So for example, a finance company is unable to locate a customer who has stopped making payments under a hire purchase agreement. The customer has moved house without notifying the finance company of his new address. The finance company engages a debt collection agency to find the customer and seek repayment of the debt. It discloses the customer’s personal data to the agency for this purpose. Although the customer has not consented to this disclosure, it is made for the purposes of the finance company’s legitimate interests – i.e. to recover the debt.

Consent mechanisms

Whereas before there was one consent to rule them all, GDPR requires a complete review of consent mechanisms, to make sure they meet the legislation’s new standards. If organisations cannot achieve the new, high level of consent then they must find an alternative legal basis (as listed above), or not process the data in question at all.

As such, businesses will now need to review their consent mechanisms to make sure they meet the GDPR requirements on being specific, granular, clear, prominent, opt-in, documented and easily withdrawn.

The key new points are as follows:

  • Unbundled: consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless necessary
  • Active opt-in: pre-ticked opt-in boxes are invalid – use unticked option boxes or similar active opt-in methods (e.g. a binary choice given equal prominence)
  • Granular: give granular options to consent separately to different types of processing wherever appropriate.
  • Named: name your organisation and any third parties who will be relying on consent – even precisely defined categories of third-party organisations will not be acceptable under the GDPR.
  • Documented: keep records to demonstrate what the individual has consented to, including what they were told, and when and how they consented.
  • Easy to withdraw: tell people they have the right to withdraw their consent at any time, and how to do this. It must be as easy to withdraw as it was to give consent. This means you will need to have simple and effective withdrawal mechanisms in place.

No imbalance in the relationship: consent will not be freely given if there is imbalance in the relationship between the individual and the controller – this will make consent particularly difficult for public authorities and for employers, who should look for an alternative lawful basis.

 

Our current ‘Ask the Experts’ GDPR report has been produced in partnership with one of our Group Companies Response One and one of our Partner organisations MyLife Digital.

Talk to us if you want to learn more. 

Understanding GDPR – the road to positive compliance and best practice data management

Understanding GDPR

So what is GDPR all about? Jonathan Richmond, Associate Director at insight driven marketing agency, Response One, explains all.

The idea of protecting peoples’ personal data is not a new one. Both the 1998 Data Protection Act (DPA) and the 2003 Privacy Act look to do just this. However, with the explosion of digital technology a new set of data protection rules were needed – cue the General Data Protection Regulation Rules.

They mark a complete step change in data governance and although it is being introduced to cover the digital economy, GDPR will also apply to paper based systems. It is not just about consumer data either, employee data is covered, as is anything that is seen as personal data.

Data processing

GDPR requires that data be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • Accurate and, where necessary, kept up to date
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

By far the most important of these from a marketing perspective is the second bullet point. Businesses have been gathering as much customer data as possible, at any opportunity and through often opaque practices for a long time (register to download, create an account etc.). Now, organisations will have to clearly state that they want data in order to undertake specific marketing as well as be clear about when and through which channels they will communicate. Finally, businesses won’t be able to use personally identifiable data to profile or segment customers without their specific authority.

On a corporate level, the most important is probably the last bullet point. Breaches of personal data security that would have cost an organisation £100k might now end up costing many millions if businesses don’t comply and prove that they are doing so. C-level executives and those with system responsibility, particularly in this age of The Cloud, would probably consider this the most challenging aspect.

Importantly, GDPR also requires that

“The controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

Meaning that it is not enough for organisations to simply comply, they must actively demonstrate this.

 

Our current ‘‘Ask the Experts’ GDPR report has been produced in partnership with one of our Group Companies Response One and one of our Partner organisations MyLife Digital.

Talk to us if you want to learn more. 

Countdown to GDPR – the road to positive compliance and best practice data management

The Final Countdown

With less than a year to go until GDPR comes into effect, it is dominating the news agenda and is a top priority for businesses. From retailers to charities and the manufacturing industry to financial services, the impact of GDPR will affect every organisation that handles customer data and will be far reaching. Indeed, it has the scope to change the face of marketing completely. Yet behind the hype, there is much confusion from businesses of all sizes from across industry, which know that they have much to do to comply with GDPR, yet do not know where to begin.

While for many, compliance with GDPR may seem like a gargantuan task, those that embrace it as an opportunity to lead the way in the new consumer democracy and demonstrate a new level of transparency and trust, will be the ones who ultimately win. Although undoubtedly a complex task, GDPR offers as many opportunities as it does challenges.

Over the next few weeks we will be sharing extracts from our latest report, which aims to provide clear and positive solutions for companies looking at where to start and how to comply with the most significant overhaul of EU data protection law in recent years. It will draw on insights and advice from experts across the marketing and technology industry, setting out what companies need to do to ensure they have best practice data management in place and are compliant ready.

Beyond that, it will explore the opportunities that GDPR offers for organisations. If customer experience is the battleground of the future, then data is key to winning the war and GDPR is the perfect opportunity for businesses to rethink their approach to data and the enhanced customer relationships and experiences it allows.

 

Our current ‘Ask the Experts’ GDPR report has been produced in partnership with one of our Group Companies Response One and one of our Partner organisations MyLife Digital.

Talk to us if you want to learn more. 

Data: it’s all about trust

Data: it’s all about trust

News this week that Unroll.me has been busy selling customer data really gets to the crux of why there is a need for better data management and governance.

People need to be able to trust companies, not worry that when they sign up for a web service allowing them to unsubscribe en masse from mailing lists, newsletters and other email annoyances, they are only to discover that in order to monetise this free service, their personal data is being sold.

This is why GDPR is needed and it can’t come fast enough.

As the value of data increases, consumers trust in organisations to manage it properly is rapidly decreasing. Revelations such as Unroll.me selling aggregated data about users to the very apps they were unsubscribing from doesn’t help.

People are starting to lose trust in the internet because their personal data is such a valuable commodity and they know it. This is why there is a desperate need for better data management and governance.

As data scientist Bradley Voytek famously said while at Uber: “I don’t need to know everything about everybody. I just need to know a little bit about a whole bunch of people.” But these people have a right to know what this is and how their data is being used. They do not need to be told that they should have read the small print.

In data we trust

Whilst the desire to improve the customer experience is at the heart of Big Data it often isn’t being managed well. Clearly, the more relevant data that is gathered, the more personalised the experience for customers but this does mean that the importance of having excellent processes in place to capture and manage data is more crucial than ever if companies want to get it right.

Those that succeed will be the ones who can properly leverage both data and technology to make customers’ lives better. They will also be the ones that consumers trust.

Proponents of data value management have long urged organisations to see data as a corporate asset and they are right. Just like any asset organisations should attach cost and value to their data but it is clear that only a small minority of market leaders are doing this.

The majority only consider data in this way when a specific requirement rears its head.  Often this will be a regulatory change such as GDPR.

We need consumers to trust us

This is understandable as the cost of entry into the data value management club can be high.  There are software costs, management consulting costs and technical implementation costs. The promise of return on investment from data governance has in the past needed to be cast iron. But waiting until a project demands better data management is simply too risky.

Act now

Action is needed now to ensure consumer trust is maintained in online services. And there’s much that needs to be done, from identifying all your key stakeholders, setting up a steering committee and nominating data stewards, to defining data related rules and processes, implementing data quality related processes and assigning decision rights and accountabilities. This all needs to be done properly and in time for GDPR.

If you’re keen to get going and want to get ahead of the game find out more by reading myBench’s latest Ask the Experts Report or attend one of our regular ‘Knowledge Bench’ events.

 

Click here to register to receive MyBench’s ‘Ask the Experts’ GDPR report

Talk to us if you want to learn more.

Why we should welcome GDPR

Why we should welcome GDPR

There has been much discussion of GDPR in recent months and this is only set to increase ahead of May next year. It’s fair to say that there has been a general feeling of confusion and trepidation around the new regulation, but it is time for organisations to start focusing on the positives it can bring in terms re-connecting with customers and offering them an improved brand experience.

Getting your house in order 

GDPR offers a real opportunity for organisations to review current practices and get their data management and governance in order. Advocates of data value management have long urged organisations to see data as a corporate asset and now is the perfect time to do that. Just like any asset, businesses should attach cost and value to their data.

By establishing what ‘good’ looks like (something that will vary depending on the nature of a particular business) and constantly asking ‘where’s the value?’, Organisations can start to better measure the effectiveness of their data strategy and in turn make more use of data to improve the customer experience.

Re-engaging with customers 

As well as harnessing data to improve the customer journey, GDPR also presents a real chance for businesses to re-engage with customers and educate them on the benefits of data sharing. People are often increasingly reluctant to part with data and organisations need to demonstrate the value exchange involved. This includes improved service, a better understanding of customer needs and a better brand experience.

Getting ahead of the game 

By taking this approach, businesses can also get ahead of the game in terms of allaying any fears individuals may have around how their data is gathered and used. Many people may have no real idea of exactly what happens to their data and with GDPR looming, there is a real danger that common misconceptions around data use and storage will be magnified.

Showing that they have strong, secure data governance strategies in place can go a long way in fostering consumer trust and helping to build strong brand relationships, something which is good for everyone.

 

Register here to read myBench’s ‘Ask the Experts’ GDPR report.

Talk to us if you want to find out more.

GDPR aside we have a moral obligation to protect data

GDPR aside we have a moral obligation to protect data

With GDRP looming and businesses grappling to understand its complexities ahead of May next year, there is a real opportunity to stop and think about how customer data is handled. Putting GDPR anxieties aside we have a moral obligation to protect data and GDPR provides a real opportunity for businesses to get this right.

What’s GDPR all about?

  • General Data Protection Regulation rules will be applicable by May 25th 2018 to all organisations that operate in the EU market
  • The regulations are extra-territorial. Overseas firms doing business in the EU market are subject to it. Even with Brexit, UK organisations will still be affected
  • The fines are serious; data breaches can generate fines of €10m or 2% of
    annual revenue. Wider or consequential breaches of its provisions will generate fines of €20m or 4% of revenue
  • Consumers have enhanced rights so they have control over who has their data and where it is stored
  • Consent to use data must be freely given, specific, informed and unambiguous for each purpose for which the data is being processed
  • The regulation applies (with some nuances) to both the data controller and data processor
  • right to data portability will make it easier for individuals to transmit personal data between service providers.

What does this mean?

In an age where data underpins everything we do this heralds a new era for businesses. GDPR is all about giving control back to consumers and making companies more responsible for their data management, with company directors becoming personally liable for data management processes.

Compliance is one thing. However, if you do this right then GDPR could be the catalyst for very positive outcomes in your business.  The organisations that lead the response to this challenge will be seen as innovators, as brands with a social conscience who are protecting their customers.

There has always been a strong business case for better information management, solid information governance and sensible information lifecycle management – but there is a moral obligation to get this right as well.

 

Register here to read myBench’s ‘Ask the Experts’ GDPR report

Talk to us if you want to learn more.