GDPR: It’s Time to Focus on Your Customers

GDPRThe GDPR is not a prescriptive regulation. That is, it does not specify exactly what you must do. Instead it lays out some principles and grants extensive rights to data subjects. As a result, we have seen a broad array of compliance efforts, with many multi-year compliance journeys being mapped out. A significant number of companies have elected to start with a focus on the regulators. That is, to answer the broad question of: how can I demonstrate I am in control of the personal data I store and process? This is an excellent starting point, but your customers may not notice the changes. Individual data subjects don’t put much stock in data governance or cataloguing programmes. Individual data subjects – your customers – will be more focussed on if they feel in control of their data, and if your organisation can be trusted with their data.

Organisations who embed digital trust into their customer experience are investing in their future ability to be competitive by encouraging a crucial supply of information – personal data that their customers choose to share because they trust the organisation.

In a previous blog, I noted that 61% of people take advantage of privacy settings if available. In the case of GDPR, this is not only enacting rights, but also the ability to restrict the usage of their personal data – or even stop the collection of non-essential data in the first place. To encourage data sharing, which in turn enables personalisation, organisations must build respect for personal data and data subject’s rights into their brand image and customer experiences.

If your customers belong to younger generations, this is more important. In general, the younger the person, the more likely they are to adopt privacy settings, and supply false information if they see no value in parting with real information. On the other hand, multiple surveys have shown that >75% of people are willing to share data with organisations they trust, and if they can see a return on this data.

Increasing spending power of today’s privacy aware youth

Ignoring the desire for young people to guard their personal information is a highly risky approach. 2018 is not only the year GDPR came into force, it is also the year that millennials (born between early ‘80s and early 2000s) should have the most spending power of any generation.[i] By not fully embracing GDPR, an organisation is potentially excluding themselves from collecting and using personal data from a significant portion of the population. This data is vital for understanding behaviour and delivering the personalised experiences most organisations acknowledge are crucial for growth, and in some industries – survival. Gartner has found a clear link between digital trust and success in digital ecosystems. A 2017 report found that “Through 2020, enterprises that actively promote digital trust will be able to participate in 20% more digital ecosystems, and to attract and retain 40% more customers than those that don’t.”[ii]

Now is the time to embrace the spirit of GDPR – not in order to keep the regulators off your doorstep, but to improve your relationships with customers that are increasingly sensitive about data privacy.

How an entity complies with the GDPR will always be an individual choice. Those that choose to focus on building trust into their images will be looking to implement key elements to earn a reputation for digital trust, which is turn enables personalised experiences:

  • Define clear policies around the use of personal data
  • Ensure all staff members are aware of these policies
  • Provide the capabilities to enable staff and systems to implement the policies
  • Create a central view of your customers to better manage their data according to their choices
  • Inform your customers of your policies, and how to make their choices, and how to raise concerns
  • Embed procedures to execute data subjects’ rights into one of more existing customer engagement touchpoints

With these elements in mind, it becomes clearer that a single ‘GDPR solution’ may not be sufficient, if a complete solution exists at all. Unlike other regulations which may focus on either the data (i.e. data about individuals) or metadata (i.e. what type of data you are storing, and how it is being managed) – the GDPR requires control over both data and metadata. Additionally, the changes required to implement privacy by default and design must permeate through an organisation – from staff awareness, to ensuring the policies can be executed across all systems and business processes. There also needs to be a means of measuring compliance, not only to show the regulator should they ask, but to ensure you find and correct any deviations from your policies before your customers do. These extensive requirements are best addressed through adopting sound data management practices as a foundation to GDPR compliance.

Embracing the GDPR should deliver both trust and agility

It is good to remind ourselves that the GDPR is designed to build trust in the digital economy – allowing both customers and vendors to benefit through increased participation. Normally trust is built over a long period of time, and only through clearly visible behaviour. Unfortunately, it often takes much less time to destroy trust, which often has negative consequences. Capgemini[iii] has found that 57% of consumers will take strict action against organisations they perceive to be in breach of GDPR. Popular actions include reducing, or stopping business, and executing the right to be forgotten.

I still see the GDPR as an opportunity for you and your organization to take a holistic, intelligent, and automated approach to managing data – starting with the personal data that is the subject of GDPR. For too long organisations have been talking about the value of data, but not acting to manage this data in a publicly responsible manner, which may create the public trust necessary to nurture the data as an asset to systematically deliver value from insights gleaned from data.

Those organisations that understand the use of personal data as part of their future success, have already started to embed digital trust into their corporate image and customer experiences. They have begun extensive changes in the way they manage data, and not only for compliance purposes. A focus on data management provides the agility to rapidly adapt to a generational change in consumer behaviour as our online and offline lives increasingly merge. Organisations who still believe the regulators are the only reason to comply with GDPR risk being left behind in the digital economy.

Organisations who openly embrace data privacy are more likely to be rewarded with rich data sets about their customers and their behaviour.

With sound data management practices, they will be able to use these data resources systematically to deliver personalised experiences which are highly relevant to their customer base. In this scenario, everyone benefits.


[i] Gartner report

[ii] Gartner “Be Trustworthy in Every Customer Digital Interaction to Drive Business Results” by Penny Gillespie, Dale Kutnick, Frank Buytendijk, Bard Papegaaij, Anthony Mullen, Nadine LeBlanc. Published: 1 June 2017; Refreshed September 27, 2018

[iii] Capgemini-seizing the GDPR ad advantage

Comments