We all know what ‘bad’ looks like when it comes to data – data breaches, selling data to third parties without permission, GDPR fines, customer complained, to name a few. But what does ‘good’ data usage look like? Where does the line start and stop between ‘bad’ and ‘good’?

We often get asked by our clients – “can we do this?”, “is it allowed?”, “are we GDPR compliant?”, “are we risking a fine?”. It’s rarely a simple answer as, whilst we know what ‘bad’ looks like, it’s trickier to be confident in what ‘good’ looks like. So let’s explore this.


1. Businesses use data in a ‘good’ way when it’s useful, permitted and expected.

For instance:

  • I love businesses that make it easy for me when I call them, where I don’t have to repeat things if they transfer me to a different department.
  • I love my local shop that assigns my customer loyalty points to my account, just by asking for my name.
  • I love being sent discounts and offers for products that I usually buy.
  • I love being shown what other customers “like me” buy to give me ideas.
  • I love only having to enter my 3-digit code when I pay by credit card and not my long number and expiry dates.
  • I love businesses that anticipate what I need, before I realise I actually need it.
  • I love a simple registration process that takes me seconds and not minutes.
  • I love a business that knows my name and remembers my birthday.

We can categorise ‘good’ data usage as being secure, compliant and useful.

2. Businesses can go too far and turn from ‘good’ to ‘not so good‘.

For instance:

  • I hate being stalked over the www with an advert for an item that I didn’t really need in the first place.
  • I hate receiving too many emails from anyone… anyone.
  • I hate receiving irrelevant emails when they’ve segmented me into the wrong group because I didn’t behave as normal.
  • I hate emails that chase me when I decided not to buy the item I mistakenly put in the basket.
  • I hate that people can post things on social media pages and it’s there forever.

We can categorise ‘not so good’ data usage as being irrelevant, intrusive and unhelpful.

3. And of course, there are the catastrophically ‘bad’ data examples

  • Selling my data
  • Losing my data
  • Allowing my data to be stolen

These are the examples that make you close your account and go elsewhere, after updating all your passwords in a panic.

We can categorise ‘bad’ data usage as being risky, irresponsible and unexpected.

In reality, it’s not this simple. 

Many businesses have complex business processes, multiple decision makers, bespoke products and services. Therefore, the line isn’t as easy to see as in the examples listed so far. Think about:

  • A financial services business that wants to show their key accounts how they benchmark against other businesses in an aggregated, anonymised way, so they combine & share data externally
  • A travel business that wants to provide personalised services to different customer segments, so they access personal identifiable data in order to segment customers by their characteristics and behaviours
  • An energy business that wants to predict future usage, so they use black box artificial intelligence models to offer special offers to some customers and not others
  • A SME business, in a highly commoditised and competitive market, where everyone else is doing smart things with data, and they’re missing out

So how can we define ‘good’ versus ‘bad’ data usage? Let’s draw the line.

The more anonymised & aggregated the data, the more confident you can be. However, you need to be very careful when dealing with personally identifiable data, and particularly sensitive data, such as medical information or categorisation that could be used to be potentially discriminatory. In addition, using data internally is lower risk than when you share data outside of your business. Let’s map it out in terms of risk levels.

Of course, this all sounds subjective, and, therefore, prone to different interpretation by different people. If in doubt, you can take advantage of the tools available through the ICO, particularly the excellent ‘Legitimate Interests Assessment’ – easy to apply to big businesses and small businesses alike.


What do you think? 

What have we missed? What would you add? What do you disagree with? Let us know by visiting our official LinkedIn page.