On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect after a two-year grace period following adoption by the European Union. During this time, many companies scrambled to meet the requirements of the data privacy overhaul, as the stringent fees for non-compliance can amount up to €10-20 Million or, in the case of a corporation, up to 2-4% of its total worldwide annual turnover for the previous financial year, whichever is greater. Articles decrying the strain on innovation the regulation was sure to effect abounded. This sense of foreboding rang especially true in a time of great volatilty, uncertainty, complexity, and ambuguity (VUCA) and for industries particularly burdened by high uncertainty, such as the automotive industry. However, those willing to do the work (see the article from my colleague Tom Kussmann) and proactively adapt to the GDPR can use this upheaval to their advantage, as forward-thinking companies have always done.

Although the initial application of the GDPR seems daunting for historically inflexible OEMs, the required changes will spur innovation for those ready to embrace the new rules. Our two-part blog series on innovation and the GDPR will explore how the automotive industry can build upon its investment in compliance to ultimately create new revenue streams in the era of strengthened and more regulated data protection.

Part I – The Roots focuses on the organizational transformations driven by the data privacy regulation, which lay down the foundations necessary to reach the next phase of innovation. Part II – The Rewards will expand on the derivatives of compliance and provide a path to profit.


Figure 1: Part I – The Roots denotes organizational transformation

Modernize and digitize data processes and systems

To comply with the GDPR, nearly all companies must modernize and digitize their data processes and systems to some degree. This is good news for the notoriously slow-to-change OEMs, whose outdated data storage and processing systems do not provide the best infrastructure for housing and retrieving information. In some cases, no such digital systems exist. Thus, being forced to overhaul current systems will facilitate less bureaucratic and more automated data governance. This in turn will improve overall data quality, leading to the more efficient use and analysis of data.

Implement company-wide culture change

According to our most recent Digital Transformation Review, culture is the biggest hurdle hindering an organization’s digital transformation. While the updated data systems and improvement in data quality will get the ball rolling, companies need to truly change their culture to innovate and stake a claim in the digital era. But how can a transnational data protection regulation possibly beget culture change?

While open communication, diversity of ideas, and efficient information exchange are thought of as resulting mainly from less top-down, more side-to-side involvement within a company aggrandizes these positive effects on corporate culture. The all-encompassing nature of data necessitates a cross-departmental effort within an OEM to achieve compliance with the GDPR. Perhaps for the first time, members of the procurement department will work closely with the marketing and sales teams, who have already joined forces with the company’s IT division, to disclose data for a supplier in a timely and cohesive manner (for example). Indeed, such a group has the potential to develop into its own separate department or organizational unit focused on new core competencies designed to fit the needs brought about by the data regulation. This is how the GDPR fosters company-wide collaboration, which is crucial for innovation.

Focus on customers

Given how long it takes to bring a new car to market, OEMs often focus on individual features, such as futuristic interfaces, to show off their innovations at high-profile events like the Consumer Electronics Show in Las Vegas. The pressure to dazzle can lead to remarkable products but can also cause tunnel vision on inventions that may never make it on the road, especially with the zeitgeist veering towards more, not less, technological privacy (Do we really want cars to look into our brains?). With the enhancement of consumer rights embedded in the GDPR, companies have been reminded to step away from concentrating on innovating solely for headlines. Preparing for the implementation of the regulation has required OEMs to anticipate what customers want with their data, which additionally shifts the focus for companies back to real consumers. Having to work within the confines of increased data privacy and realizing the degree to which it’s important for customers will actually help companies if they think of the GDPR as a guideline to applicable innovations and not a restriction on creativity.

Better data governance, corporate culture conducive to innovation, and a renewed emphasis on the customer are all good things, but what will they ultimately lead to that ensures the future survival of an OEM in the age of data security? The next article in our blog series will elucidate and continue to investigate the potential positive consequences of the GDPR on the automotive industry.

<This article is co-authored by my colleague Sue Jean Park>