The General Data Protection Regulation (GDPR) is creating new business opportunities by making it easier for companies worldwide to operate throughout the European Union. GDPR compliance will force companies to review their data-handling practices, and to analyze and understand their customer data types. Now, the conversation is changing from the burden of compliance to the opportunity to refocus on what is important to our businesses.
Data protection is a critical factor in digital commerce. As with any regulation that gives customers confidence in their vendors, it will establish trust and encourage more digital business. In addition, consolidating data from siloed systems onto a unified platform will give businesses a 360-degree view of their customers and a competitive advantage.
Data is transforming the world economy, and data analysis is the next frontier in creating value. Done right, GDPR compliance will actually boost digital business.
Establish Digital Trust to Generate Business Value
Research shows that the higher the customer confidence in a company’s data security, the more likely they’ll be willing to share their data. At the same time, customers are much more likely to avoid companies that have shown themselves to be careless with data.
A survey by Gemalto, a data-security vendor, revealed that 64 percent of consumers worldwide said they were unlikely to do business again with a company that experienced a data breach in which financial information was stolen. Almost half (49 percent) said it was unlikely they’d patronize companies that had data breaches in which personal information was stolen.
This all points to the theme of creating digital trust with customers, citizens, and employees that will in turn generate business value in the market. By establishing trust through proven data security, situations that are viewed as burdens by some can actually be seen as opportunities. For instance, you can build on customer retention by introducing targeted value propositions into any data breach notifications that get sent out, and you can think of the right to be forgotten as a way to optimize your marketing budget and target only customers who are interested.
Improving Cybersecurity and Risk Culture
It has been estimated that, in 2016, cybercrime cost the global economy more than $450 billion in U.S. dollars. And due to recent high-profile cyber incidents around the world, including the recent WannaCry ransomware attack, the level of cyber risk awareness continues to rise. The GDPR requirements should go a long way toward reducing this risk by raising cybersecurity levels and thus reducing the potential for data loss, operational disruption, and physical damage—not to mention reputation and brand damage.
Under the GDPR, companies must appoint a data protection officer (DPO). The DPO’s role will be to supervise GDPR compliance and advise staff who deal with personal data. The intent is that the DPO will report into the highest management level of a company, which will go a long way toward creating a cyber-risk-aware culture.
I see this new regulation giving businesses the opportunity to complement their data protection practices with those of privacy and operations. Moreover, establishing trust with customers also gives us the opportunity to look at how we can optimize the customer experience.
Secure Data Leads to Better Data Use
GDPR compliance can be a catalyst for building stronger digital capabilities and more sophisticated data management techniques that can be used to create competitive advantage. As data-handling practices are optimized, customer data analysis can be used to improve and target offerings. Such competencies help businesses identify shortcomings in the customer experience and unearth new ways to engage with their customers, enabling them to better respond to customer requests, engage with them in the ways they prefer, and identify their needs quickly.
Everyone benefits from meshing disparate systems into a single, unified flow of information. Customer data, regardless of where it’s housed, becomes readily available to anyone requiring it—a customer, a chief information officer, or a chief marketing officer. Automation puts the organization in control of requests and enables end-to-end governance. It also provides the chief executive officer with the peace of mind that the risk is understood and managed across the entire organization.
Unfortunately, we live in an age where data misuse is at an all-time high, but GDPR hands significant power back to the customer. It strengthens the rights of individuals to control their own data. The regulation demands that businesses make their digital operations more customer-focused and responsive. This can also be seen as an opportunity for businesses to enhance their existing systems rather than replace them.
Digital process automation brings disconnected systems together and consolidates fragmented data. With connected systems and information, businesses are in a better position to serve their customers. New technologies and capabilities that can deliver customer-centric information at the right time will give them a competitive edge. As with any new paradigm, there will be winners and losers, and those who take this opportunity to leverage these changes to benefit their customers will be the ones that will come out on top.
For more in-depth information on the impact of the new regulation, read Deloitte’s Economic impact assessment of the proposed European GDPR.