The world is currently in an era termed the “Experience Economy”. Joseph Pine II and James H. Gilmore in their 1998 Harvard article described the world’s economic progress in the following terms:
To attract and retain customers in today’s “Experience Economy”, businesses must now consider ways to provide personalised services/memorable experiences to its customers. This can be done by gathering insights from data to better understand the customers needs. These insights are then adopted to offer the customers, products tailored to their needs (Data Driven Marketing). Data must however be used responsibly to avoid infringing on the privacy of others.
Here are certain points your business should note from the Nigeria Data Protection Regulation (NDPR) as you develop your own Data Driven Strategy:
- obtain the consent of the consumers (Data Subjects) before collecting data;
- collect only data required by your business whilst ensuring that the data is stored in a safe place;
- before data can be transferred to any third party, the Data Subject must consent to the transfer (this can be done with a properly drafted and accepted privacy policy);
- display a simple and easy-to-understand privacy policy that states, amongst other things, the remedies available to the Data Subject in the event of a breach;
- appoint a Data Protection Officer (DPO) (within your organisation or outsourced) who will ensure that that the company complies with all data protection regulations;
- where you process personal data of 1000 data subjects within a period of 6months, you are required to submit to a desktop audit by a Data Protection Compliance Organization licensed by National Information Technology Development Agency (NITDA); and
- where you process personal data of over 2000 data subjects in a period of 12 months, you are required to file reports with NITDA by March 15 yearly.
