As the last few weeks have thrown into sharp relief, millions of people are suddenly becoming more aware of the power their own data holds, and the data collection practices that go with it. The headlines may have been full of some of the biggest names associated with the data economy, but the coming months look set to herald a new approach to data protection where privacy is balanced with the positive opportunities it can deliver for customers and businesses.
We believe that as GDPR day fast approaches on May 25th, how personal data is handled could be a real differentiator in a crowded market.
Negative approach breeds negative results
Most of the negative reaction directed at GDPR comes from the misconception that it will have a detrimental effect on businesses. Critics cite the time and cost associated with compliance and restructuring to ensure ongoing adherence to the rules, the disruption to entrenched business models and ways of working, and the time and effort involved in re-educating staff. Some organisations have been quite vocal on the topic, with the Information Technology and Innovation Foundation (ITIF) claiming that GDPR could drive the digital economy “two giant steps backward.”
We disagree. The fact is, new regulations can always put pressure on those not flexible enough to adapt. But organisations who are agile enough to adapt quickly in response to the ever changing technological and legislative environment will flourish.
Approaching GDPR from a positive and proactive position means acknowledging its flexibility and embracing it. There needs to be a fundamental shift in approach to technology and business, which up to now have been treated as separate entities. The new regulation recognises this and presents an opportunity for technology to be embedded into business models.
A better business model
Companies should look to evolve how they use data analytics and assess how data collection can be used to benefit theirs customers as well as the business. This is where the great opportunity lies.
So, with GDPR coming into play, it’s a perfect time to re-evaluate how a company’s products and services are created and marketed. If a business is relying on information that has not been freely given to it, or there’s no legitimate reason to collect or use it – it will have issues under GDPR. The message is clear - business models must include data protection by design, whether it’s a new start-up or an industry titan, there is no escaping it.
But if you’re struggling to conduct data analytics in compliance with the new regulation, there are other methods to meet customer needs. Companies could consider outsourcing their data analytics to a third-party, who can apply the latest analytic tools to get the most value. This has considerable benefits, from leveraging their expertise and experience with other clients to the assurance that comes from working with tools that have been created specifically to ensure regulatory compliance. This would go some way to establishing trust with consumers, who may have cause to be weary.
Restoring trust
Organisations must focus on generating and maintaining their customers’ trust. In fact, IBM recently found that 75% of consumers globally (82% in the UK) will not buy a product from a company if they don’t trust it to protect their data, no matter how great the products are. Communication is not only key to this, but with informed consent required under GDPR, it is now essential.
One key point to make here is that organisations should ensure that all staff are fully versed on GDPR. It’s frustrating to consumers to receive an email update on a company’s privacy policy (you may have seen these flood your inbox recently), only to be met with ignorance when they call the customer service line. If the current climate calls for anything, it’s that cybersecurity information and data protection should arguably be core pillars in customer service.
Business technology
A “cloud first strategy” has been a buzzword for analysts and vendors alike over the last few years. And there’s clear evidence companies are increasingly shifting their IT infrastructures to the cloud. But as the regulatory landscape changes, so does the way companies collect, manage and interact with their data.
The full variety of solutions to this is yet to be seen, of course. But initially, GDPR will have a radical effect on business infrastructure, such as the types of cloud products considered. In fact, industry analyst, Forrester Research, has already identified a trend of companies taking data back from public cloud hosting to corporate datacenters. There is also likely to be more monitoring and controls put in place around employee use of cloud platforms – clamping down on the dreaded “shadow IT” – and governance and IT security teams will take this opportunity to update and unify security and data policies across all devices and locations if possible.
The new wave
There will be challenges with GDPR, as with any external market force – no arguments here. However, looking at it positively, it will force organisations to become more flexible whilst embedding a strong sense of responsibility that will encourage the restoration of trust.
GDPR was never envisioned to restrict organisations, it was designed to enhance the relationship between business and consumer and ensure the data economy was being built safely. GDPR has laid the foundations for innovation – grasp the opportunity to be a part of the digital future.
Felix Marx is CEO of Trūata
Want to know more about GDPR? Check out our guide here.
