Until recently, most discussions about the General Data Protection Regulation (GDPR) have been tipped towards the negative with many, understandably, concerned how it will affect how their business and the data that's so important to future success. As the implementation date grows closer, I've noticed there's a lot businesses and individuals out there looking to capitalise on others' concern. I call them 'ambulance chasers', the type who profit from creating a climate of fear about the new laws to which we all must subscribe. This is a pity, because GDPR is a real opportunity for a step change, and a chance to make the conversation about the only person who ultimately matters in this case, the customer.
Brands who see GDPR merely as a legal or compliance obligation risk missing the opportunity to improve their relationship with customers and build new ones based on trust and transparency around their data – a critical step as we move deeper into the fourth industrial revolution.
A level playing field
Britain's role in the world is changing. The transformation in Britain's relationship with the EU is dominating the world stage, and its effects on the business world are still an unknown quantity. It is within this wider context of dramatic change that businesses must also come to grips with the implementation of GDPR and also the updates to the ePrivacy Regulation. Recent media stories and speculation may have you believing that GDPR is an unnecessary hindrance to data privacy laws and a step too far. But given the last major change to data laws was in 1995 when the Data Protection Directive came into effect, it's a strong argument that GDPR is a much needed update to our current laws.
While Britain is currently the leading, global digital economy, to maintain this position requires a global approach to free trade, with the free movement of data at its heart. Companies overwhelmingly see the benefit – our latest wave of GDPR research indicated three quarters of those asked wanted to retain free data flows across Europe (the 'digital single market'). GDPR will create a level playing field where everyone understands what the rules are concerning the data privacy of EU individuals.
In this light, GDPR should be viewed as a positive change and one that companies must embrace by placing respect for privacy at the heart of their brand proposition. Brands who use the new rules as a catalyst to build new processes and systems stand to benefit from stronger consumer relationships and enhanced marketing efforts.
Building the 'why'
The power of data is changing our lives. From ordering in takeaway to booking a holiday to listening to music – modern conveniences we now take for granted rely on a data-driven economy. Successful companies like Spotify, Airbnb and Just Eat do this well by driving value for their customers, rewarding them for their role in helping to power the data-driven economy.
Increasingly, we're also seeing consumers who have become attune to the value of their data. These foot soldiers in the 'digital revolution' are increasingly looking to how brands treat their data as a way to differentiate amongst them. Consumer research we've conducted here at the DMA shows that responsible treatment of personal data matters to well over half of customers, who said it's important in their decision to choose a particular brand.
In this context customer trust is the most important currency a company has with its customers. To protect the opportunity of the digital economy and big data it is critical that companies address this gap. The GDPR intends for companies to be obliged to operate with accountability, transparency and honesty with their customers. Brands who make trust in data central to their corporate culture, enabling every employee to make the right are also the ones who stand to benefit the most.
Making accountability key
It's six months now until May 2018. Latest research conducted by the DMA showed awareness now sits at 82 percent, with just over 60 percent confident they will have plans in place to be ready for the deadline. For many, the biggest changes will be to enshrine accountability as a legal obligation. Of utmost importance will be to establish the right accountability that determines the basis on which to process data. For marketers, in particular, it's important to underline that consent and legitimate interest will hold as equally valid when it comes to the collection and processing of data. Companies also need to be clear about why they need the data, what they are going to use it for and how they are going to keep it secure. Under the GDPR customer data encompasses a much wider variety of information than just contact details so it's important to have this type of knowledge to-hand.
And when it comes to accountability, ownership of data isn't just something for the lawyers. Accountability needs to be driven at board level and filtered down throughout a business. Ensuring an organisation builds a culture of accountability, transparency and trust is the responsibility of the CEO down – as well as the Data Protection Officer. Yes, most companies will need to make changes to how they approach their customer's data to be more transparent, more secure and more accountable in a way that is designed to put the customer's right to privacy in mind. But for those companies that have been fully compliant with current data protection rules, the incremental burdens should be achievable without undue harm to your business.
Properly implementing the accountability principles in GDPR will go a long way towards maintaining customer trust in the data-driven economy. Those businesses that are transparent, accountable and trustworthy will set themselves up to not just be compliant with the laws, but better placed to take advantage of all that the silver lining entails – greater market share, improved customer loyalty and a global approach to free trade.