Thursday, February 16, 2017

Why we should embrace GDPR

The General Data Protection Regulation due to come into force next May should be regarded as the biggest hint yet for companies to reshape themselves for the digital world - aligning with The 10 Principles of Open Business.

Rather than fear at the number of sticking-plasters that need to be applied to support business as usual, forward-thinking companies will be taking the hint; data ownership is no substitute for genuine relationships.

That's the real message of GDPR - stop hoarding data to exploit customers.
In fact it's very difficult to see in a post GDPR-world why any customer would choose to allow a company to retain their data unless (and they have to be transparent about this) their is a genuine and positive partnership defined in their data notices.

Of course companies can (and many should) spend time, trouble and money ensuring compliance by (for example);

  • Appointing a Data Protection Officer
  • Reviewing each and every business process to ensure data protection is designed in
  • Ensuring default privacy settings are set to high at each and every touch point
  • Making it crystal clear exactly what data is being stored about whom, for how long and for what purpose - at every relevant interface
  • Providing complete data portability - enabling users to withdraw access to all of their data and take it with them, at any point they choose,
  • Devising Data Protection Impact Assessments
  • Developing new processes to respond to requests for data and complaints about use
  • Preparing to defend your use of logarithms for the decisions they deliver and offers they make or do not make
With up to 4% of last year's global revenue at stake as a sanction, there's much sense in taking this very seriously indeed. However, much of the data storage, privacy and permissions issues become much less onerous if you shift  the nature of your relationship with customers - and in doing so your relationship with their data.

Start to think of data as less a substitute for a relationship - and more an enabler for building one through genuine engagement. 

The start point requires three simple steps:
1. Understand the role of the customer in your business: (Hint - the passive consumer no longer exists, if they ever did).
  • Where are the benefits in partnering; how far into the centre of the organisation can customers be brought
  • How do you score for trust?
  • Set a new goal state, roadmap for organisational change and supporting technology architecture
2. Why do you want to know more about your customers - what is driving you to build engagement?
  • Is it to build trust?
  • Get direct insight?
  • Get help in decision making?
  • Find savvy co-creators?
  • Deliver a better experience, better serving need?
3. Now you should devise a customer data strategy;

  • What data could be available to you – what can you learn from customer interactions? 
  • What value for third parties and customers could that generate 
  • Consider role of Decisioning (NBA)
By now you have a handle on what you want to achieve with customer data and how you are going to 'sell' that to customers in a way they will see as a fair exchange.

And that's a far better place to start from when working towards compliance with GDPR.y 2017

*This is always the case with my writing - but given the legal complexities of the GDPR I want to make it even more clear than usual - these views are mine and mine only and should not be assumed to represent those of my employer.

The rate of change is so rapid it's difficult for one person to keep up to speed. Let's pool our thoughts, share our reactions and, who knows, even reach some shared conclusions worth arriving at?