Is Your Digital Signage GDPR Compliant?
By Jeff Hastings
General Data Protection Regulation (GDPR) recently took effect in Europe. And while GDPR pertains specifically to the EU, it has global implications. Many US-based businesses – BrightSign included – voluntarily complied with GDPR to reaffirm commitment to customer privacy and simplify cross-border compliance.
With privacy again at the forefront of the broader business narrative, it raises the question of whether personalization of the digital signage experience is in conflict with GDPR. There is a clear expectation from customers that the companies they deal with treat any personal information they hold with care and respect. This means keeping it secure and not sharing it with third parties without permission. It also means not presuming permission to use data for purposes beyond the reason for which it was originally collected.
Many of the most exciting developments in signage – beacon technology, interaction via the customer’s mobile phone, recognition of the gender and age of the viewer – involve some level of customer data collection. Done sensitively and wisely, this shouldn’t present a challenge to GDPR compliance or undermine customer trust. In fact, giving the customer full control over the information they receive from you will enhance your relationship with them and improve response to your messages.
The underlying principles of GDPR are threefold:
- Be clear on what data it is you are collecting and storing, and how you are protecting it
- Be ready to respond to those who ask to see the information you are holding about them
- Have a legitimate reason for retaining that information
Interaction with customers’ mobile phones, for example, is normally via an app. Clearly, it is essential the app offer customers a clear opportunity to opt in or out of communications. This also makes sense from a relationship perspective. The more control customers have of their relationship with you, the more attention they will pay when you attempt to engage them.
Image recognition technology associated with digital signage is also an emotive issue. Here it is essential to draw a distinction between analyzing the image and storing it. For example, some foot-traffic detectors use video to count the number of customers entering a store. Unless there is a clear and compelling reason to retain that information once the count has been made, the video needs to be carefully and systematically flushed once the count is complete so that no record of it is available.
Frequently, retailers rely on third-party suppliers to install and maintain foot-traffic counters, signage systems and other technologies. It is essential to make GDPR compliance a central part of the selection process. Seek clear statements on how they treat the information they collect. Ensure you understand their processes for protecting information they hold, deleting information completely once it is no longer required, and whether information is shared with other organizations.
GDPR is an opportunity rather than a threat for the signage industry. Clearly, retailers that already collect information from signage need to be sure they comply, in Europe at the very least. Those embarking on new installations should look positively at ensuring their installation complies worldwide. Not only will this build customer trust, but it will also put them in a great position when similar regulations get rolled out elsewhere in the world. GDPR is being enforced in Europe – but the thinking behind it is shared worldwide.