The General Data Protection Regulation due to come into force next May should be regarded as the biggest hint yet for companies to reshape themselves for the digital world - aligning with The 10 Principles of Open Business.
Rather than fear at the number of sticking-plasters that need to be applied to support business as usual, forward-thinking companies will be taking the hint; data ownership is no substitute for genuine relationships.
That's the real message of GDPR - stop hoarding data to exploit customers.
In fact it's very difficult to see in a post GDPR-world why any customer would choose to allow a company to retain their data unless (and they have to be transparent about this) their is a genuine and positive partnership defined in their data notices.
Of course companies can (and many should) spend time, trouble and money ensuring compliance by (for example);
- Appointing a Data Protection Officer
- Reviewing each and every business process to ensure data protection is designed in
- Ensuring default privacy settings are set to high at each and every touch point
- Making it crystal clear exactly what data is being stored about whom, for how long and for what purpose - at every relevant interface
- Providing complete data portability - enabling users to withdraw access to all of their data and take it with them, at any point they choose,
- Devising Data Protection Impact Assessments
- Developing new processes to respond to requests for data and complaints about use
- Preparing to defend your use of logarithms for the decisions they deliver and offers they make or do not make
- Where are the benefits in partnering; how far into the centre of the organisation can customers be brought
- How do you score for trust?
- Set a new goal state, roadmap for organisational change and supporting technology architecture
- Is it to build trust?
- Get direct insight?
- Get help in decision making?
- Find savvy co-creators?
- Deliver a better experience, better serving need?
- What data could be available to you – what can you learn from customer interactions?
- What value for third parties and customers could that generate
- Consider role of Decisioning (NBA)
*This is always the case with my writing - but given the legal complexities of the GDPR I want to make it even more clear than usual - these views are mine and mine only and should not be assumed to represent those of my employer.