Whenever you open a bank account, join a social networking website or book a flight online, you hand over vital personal information such as your name, address, and credit card number. According to Věra Jourová, European Commissioner for Justice, Consumers and Gender Equality, everyone has the right to the protection of their personal data.
In Europe, this protection is regulated by several laws and regulations. One of them is the General Data Protection Regulation (GDPR). In just a few weeks, this regulation becomes active, and even though it has been discussed widely for over a year, some companies remain unprepared.
What does GDPR change for customers?
Under GDPR – in broad terms – you own your data. That means you must give permission if a company wants to store or use your data in any way. In turn, companies must ask permission, and they have to do so in a way that you can understand.
Furthermore, a company must provide access to the data they hold on you at any point. If you want to know how they use it, where your personal information is stored and who can access it, they must let you. If you want to change your personal data, they must change it. If you want to limit the use of your data, they must limit it and if you want them to delete your data, they must delete it.
How does that look in a real-world scenario?
On any company website, you will soon (if not already) be able to read how the company handles personal data, how you can get more information about the usage of your personal data and with whom they share that data. They will also provide details on how to change anything related to this data.
You will have to actively accept the terms and conditions for the use of your data, and you will have to confirm that you understand how the company is working with your personal information. If you want to change anything about your data, you will have to identify yourself. Depending on the company’s set-up, this will be done via self-service web access, like “My Page”, or via selected employees of the company.
In a workplace environment, there will be new routines and policies for managing your personal information as an employee.
If you are a manager, you will have to learn what rules apply to you and your team, so you can handle the personal data of your employees in the right way.
Is GDPR all bad for business?
No, of course not! I rather view it as a windfall.
In my last blog I talked about new opportunities evolving from better control of personal data. For instance, banks benefit from the latest PSD2 regulation by becoming the centre of transactions. GDPR will open opportunities in a similar way. Banks could become data aggregators for personal data, providing a service which allows customers to gradually manage their data, including which data they want to share and with whom they want to share it. A great example of a start-up offering just such a service is Atomite.
Having access to a wide range of data is useful for companies to improve their business, either through new offer or strategy development, or by gaining better business insights to fuel efficiencies. However, this is not a one-way street: customers providing more data will benefit from a higher service level, better price model or other advantages.
What are the potential pitfalls of personal data-centricity?
Discussions around data security, privacy, GDPR and cybercrime in recent years have made customers more sensitive when it comes to their data. They understand the value of their personal information and are keen to protect it. As a result, companies must protect data in a mature, stable, secure, scalable and high-performance way.
Recent incidents show over 80% of data breaches have been caused by employees rather than external cyber-attacks. In future, companies will not necessarily have all the data they need in their own databases, and probably won’t act as the point of data entry. Therefore, companies must think beyond encryption, and must outline security strategies that cover internal and external risks.
In addition, customer perception of what constitutes a fair trade for their data will change. Unlike the past, a free email account won’t be good enough for customers to let companies use their personal information. Organizations must come up with a good way to compensate customers for providing their data.
Even though most companies fear fines that could result from falling short of GDPR’s standards, the highest price they pay is arguably the loss of trust and reputation. Whether a company uses data in ways customers did not agree to, or a lack of security results in data theft, these PR nightmares will be even more visible post-GDPR.
According to a survey conducted by Cognizant, “return on trust is the digital economy’s imperative”. Half of respondents are willing to pay a premium for products and services from companies they trust most. However, the reverse is equally true: roughly 57% will stop doing business with a company that has broken their trust.
What does the data-driven future hold?
Companies need to be able to treat customers in a more relevant and personal way, if customers have granted access to personal information. They must put their customers in control of their own personal data. Ultimately, they must build strong, long-lasting customer relationships, satisfying the needs of their more data-savvy customers.
Just as the word “data” entered the board rooms, customer trust and data ethics will too. Companies need ways to measure their trustworthiness and ethical standards and prove reliability to their customers and prospects.
They will need a customer trust and ethics index. Methods such as multi-genre analytics can be applied to connect and analyse different data sets, giving a holistic view of a company’s trust level. At Teradata, we believe the trust and ethics index should become a new key performance indicator within every organization.