The General Data Protection Regulation (GDPR) is a challenge, but strong data privacy opens up the opportunity for strong advantage over the competition, such as improved customer loyalty and more efficient operations.
The negative headlines around GDPR — such as Amazon‘s fine earlier this year, the largest issued of its kind to date — can encourage businesses to see compliance as a burden. The truth is, it can be an opportunity to win and retain new customers if you can turn respect for consent and protection of privacy into competitive differentiators.
Compliant businesses, which accept that the thrust of the new regulation is to place informed consent at the heart of their operations, can immediately start enjoying the benefits of better engaged customers who are more loyal than before. Clearer, easier to understand customer consent processes will be at the heart of this change, and will offer audiences genuine choice about what data is collected and how it is used.
>See also: The multinational impact of GDPR
A study by Forrester, commissioned by Evidon, identified the benefits companies expect to enjoy through more transparent, compliant customer relationships. The number one positive outcome, for 35 per cent of companies surveyed, was improved customer satisfaction. This was closely followed by increased loyalty (34 per cent); improved brand perception (33 per cent); and deeper customer engagement (30 per cent).
Cleansing data brings ROI rewards
Customer relationships are not the only business-critical factor that can be improved. There are operational efficiencies and performance gains to be made through compliant data practices.
Getting a data map for a business is not only required to ensure compliance runs throughout a business, but can help streamline operations by deduping lists and ensure customer information is up to date and as accurate as possible, while also being processed with consent (or another lawful basis under GDPR).
In turn, this can help deliver on the new rights any EU citizen has to enquire what data a business holds on them and ask for it to be deleted or corrected.
Monitoring the digital supply chain that powers a website can also yield benefits by eliminating unnecessary or unwarranted data collection practices which depress overall site performance and can leak data to the competition.
The first question all businesses will need to ask themselves, is whether they can actually provide a person with a complete and accurate report of all the personal data the business holds about them, as the new law requires. Even more challenging: can that data be deleted, corrected and edited if the person exercises their right to do so, especially if the data is repeated across silos as is the case with so many internal file copy-based business processes?
Being able to meet this challenge not only puts a company a long way towards compliance and shows customers their data rights are being respected, it is also the data equivalent of a data cleanse that can only improve performance and ROI.
Improved efficiency, SEO boosts and better experiences
As part of their GDPR preparations, businesses will need to look at the way they, and their partners, collect data from the public to ensure they can deliver these improved, compliant data practices.
Those that can are likely to realise collateral benefits, such as improved campaign performance, reduced digital supply chain costs, and faster user experiences, all driving up overall ROI.
Evidon research found that almost 70 per cent of site operators surveyed had third party marketing technologies running on their site that they were unaware of. Not only were these unmanaged technologies affecting performance for nearly 80 per cent of sites in that category, more than half (57 per cent) feared they might be suffering some form of data leakage via some of that third party code.
While the likes of Google are moving away from third-party cookies, organisations will need to stay vigilant.
To be confident GDPR compliance has been achieved, and is being maintained, businesses need to know who is running code and tags on their site.
When a company restores order to its own properties, and ensures only tags from GDPR-compliant operators are running, two things happen. The business protects itself from losing face and possibly being fined for non-compliance and the risk of inadvertent data leaks. It also gets a site that runs far more efficiently, more effectively and incurs less downtime and fewer staff hours spent trying to resolve third party issues.
That is good for customer experience. It is also a must for high SEO rankings in a mobile-first, accessibility-aware media landscape.
Securing a competitive advantage
It is a similar story of a competitive edge waiting to be revealed through compliance when it comes to protecting personal data.
The fines that non-compliance brings are perhaps one of the most-reported aspects of the new regulation. Serious breaches can cost a company €20m, or 4 per cent of global annual revenue per offence, but the Information Commissioner’s Office (ICO) has been very clear it has no intention to scapegoat businesses using these powers.
The GDPR is very clear that data has to be held and processed securely and though the law does not outline how, Article 32 provides a clear prescription for what is expected. The ICO’s advice is that processing the minimum amount of personally identifiable information possible is a good start.
Then, storing it securely and in an encrypted form makes sense. In certain circumstances, anonymising data so it can collectively provide insight without revealing identities is another tactic many organisations are using.
Securing data so it cannot be hacked is a worthy end in its own right. After reassuring customers that you embrace a more transparent relationship in processing data, making sure their data is safe is just good business, regardless of any compliance requirements.
One need only look at how the infamous cyber attack on TalkTalk for a good example. The telco has revealed the breach in October 2015 cost £60 million and saw 101,000 customers switch provider.
Equifax, a US-based credit reporting agency, admitted in September 2017 to losing the personal information of over 145 million US citizens (and over 400,00 UK ones) and is now facing a crippling 50-state class-action lawsuit.
Customers are worth it
There is no point pretending GDPR compliance is not an expensive challenge. Forrester’s research work, commissioned by Evidon, found that nearly one in two business (48 per cent) are spending £1m or more on GDPR compliance, and nearly three in four (72 per cent) have been preparing for the new regulation for a year or more.
However, when the positives are factored in, it looks like money well spent, compared to the alternative. Staying GDPR compliant gives companies an advantage over rivals, as they are beginning to forge more trusting customer relationships which they fully expect will deepen loyalty and drive up the bottom line.
By clearly handling that data lawfully and securely, companies can make privacy a unique selling point.
It is just as much about restoring trust by reassuring consumers their data is now both respected, and protected.
Information Age guide to data + privacy — Data and privacy regulation is becoming increasingly complicated, with the EU set to fine companies up to €20m for misusing people’s information. Here are strategies and tools to ensure you stay compliant.
The best IT compliance tools for your business — Exploring some of the best IT compliance tools and methods that are suitable for all types of business.