A year on from the General Data Protection Regulation (GDPR) compliance deadline, long gone is the stream of emails asking for consent, and to some organisations, GDPR has proved an all-round inconvenience and challenge. Any organisations that doubted the severity of compliance have been proved wrong. This year has seen European data protection agencies flexing their muscles, issuing fines totalling €56m for GDPR breaches, from more than 200,000 reported cases – and watchdogs warn that they are just getting started.
So, what has the regulation achieved so far? The Cambridge Analytica scandal highlighted the true scale of mismanagement of people’s data, and the regulation has made us more ‘data aware’ than ever before. GDPR was criticised for many reasons, including suggestions that GDPR will negatively impact relationships and communications between customers and clients and subsequently damage customer experience as it will make everything that much harder. The opposite is happening, as trust and consumer control is on the rise.
Placing the control with the consumer
Scandals in the media remain fresh in the minds of customers and people mistrusted even the mention of ‘data’. Consent lies at the core of GDPR. Clarity around consent, which made it easy for consumers to opt in and out of services, spam or marketing benefited the consumer instantly, putting them in control.
Once a customer had opted in, their data could be legitimately drawn from to personalise their experience, inform messaging and reduce friction in their customer journey.
Under the new legislation, organisations have been forced to state why data is useful to them and be specific about how it will enable them to deliver a more targeted and seamless customer experience. This has included simple reasons such as explaining that a birthday is stored so special offers can be made, or why holding multiple addresses for a customer will aid the delivery process if a parcel can’t be delivered to your home address when you’re stuck at the office.
Increased trust correlates with increased loyalty and has enabled organisations to understand how customers interact with a brand across devices and channels. The GDPR has shone a spotlight on an organisation’s disparate internal data, and made organisations unify the large quantities of information into a single view. With a better view of the customer journey, including where, when, how and why they’re communicating with a brand, organisations are better analysing this information and using the insights to drive more personalised customer experience strategies that are of benefit to the customer.
The GDPR regulation has transformed the way services and products are built. The regulation has introduced new obligations that require organisations to integrate data protection concerns into every aspect of their processing activities. This approach, ‘data protection by design and by default’, is a key element of the GDPR’s risk-based approach. It focuses on accountability, and the ongoing requirement that you show your commitment to compliance and ensuring data is private and protected.
This is a large part of a culture shift that is benefitting both organisations and customers, as the design for better digital experiences – what the GDPR is all about – improves operations, marketing, return on investment on certain technologies.
Much like building a house, contractors can’t achieve anything without the appropriate foundations. The benefits of privacy by design haven’t and won’t be noticed straight away and are more important for long term success. There is no “best for business” option in regard to privacy; only for the consumer, and it helps to build trust and keep services and products secure, which, in the future, is better for the business.
Raising global standards
One of the best aspects of GDPR is that it doesn’t just affect businesses inside the EU. Global consumer control is also on the up and companies were forbidden from simply moving data outside EU to misuse. As we know, even if you’re outside the EU, if you want to work with any companies inside it, you must also be compliant.
GDPR is raising the standard for data protection and could be the first step to a global initiative. If it continues to be successfully implemented across the EU, the chances of it influencing international practice will be much higher. This requires consumer control and awareness of their data rights to increase, as the power they have over their own data will drive adoption of a similar regulation worldwide.
Essentially, the last year has made businesses more transparent with the use of customer data and it has made it easier for them to communicate with other business and customers. This, in turn, has empowered businesses with the tools to deliver a streamlined customer experience and for those that have put in the groundwork to get it right, a competitive advantage.
Written by Joe O’Reilly, IT & Security Manager at Engage Hub.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
comments powered by Disqus