In a society where 33% of consumers have cancelled a transaction online because of privacy concerns, we are starting to see the effects and consequent shift in the way people think about their data. Introducing the highly popularised General Data Protection Regulation (GDPR).

As we approach 25th May 2018 and the coming of force of GDPR, businesses will be bracing themselves for the impact. GDPR is a culmination of four years of efforts to update data protection regulation for the 21st century, to protect people who regularly grant permission to firms like Amazon, Google, Twitter and Facebook, who ask people to provide their data personal.

Yet we only need to turn on the news to be warned about the dangers of these vast permissions, exemplified recently by the ongoing Cambridge Analytica scandal, where it’s reported that 50 million Facebook profiles were harvested to influence the 2016 US election. 

What does it all mean for consumers?

It will hold more companies accountable and compliant to individuals allowing for greater transparency and trust, thus, transforming individual’s rights around data.  After May 25th, people will have the right to access their data and be able to rectify it as well as have the right to be forgotten, giving people the power to erase their data.

At present, a Subject Access Request (SAR) allows businesses and public bodies to charge customers £10 if they wish to be shown what data is held for them. Under GDPR, this is being abolished and customer’s requests to see their personal information can be requested free-of-charge (with access granted within 1 month of initial request).

This forces big consumer facing brands, as well as smaller start-ups, to give users more control over their data.  For example, GDPR will bolster a person’s rights around automated processing of data. The ICO says individuals “have the right not to be subject to a decision” if it is automatic and it produces a significant effect on a person, moving us away from thoughtless data usage.

GDPR will also allow data subjects the right to data portability, allowing consumers to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This will enable consumers to take advantage of applications and services which can use this data to find them a better deal.

Trust is everything

Ok good, more transparency, individual rights and access to my data.  That is great in theory, but what does that mean when GDPR is in place after May 25th? And how will that affect both businesses and consumers?

A meagre one in five adults trust businesses with their data, said Chief Revenue Officer, GRAVICUS, quoting data from the ICO. That is why GDPR is an opportunity, by driving privacy into the forefront, “trust can be restored,” and concentrating on data, GDPR can enhance the customer experience.

GDPR has great potential to boost commercial customer experience enterprises as well as their bottom lines.  There will be huge cost savings in getting rid of data that is no longer needed or by limiting unnecessary duplication. A recent report published by Capgemini’s Digital Transformation Institute discusses how GDPR can drive a new business model that puts trust at the centre of the customer relationship, focusing on data security and reducing cybercrime. This makes it a win-win for supply chain management and those who can demonstrate trust compliance with consumers.

We’ve already seen that failure to maintain trust with customers impacts share prices. For example, Talk Talk’s share price fell sharply after its breaches in privacy and ensued a media frenzy which was detrimental to the reputation of the brand. But even companies who fully are embracing GDPR and preparing for the change could struggle to embed the change due to lack of management support holding back efforts to comply with GDPR so make sure the executive sponsorship of GDPR is being communicated and socialised with the organisation.

Focus on technology

The GDPR solution needs to be scalable and where possible, companies should use technology platforms that allow transparency within the organisation to enable GDPR compliance. With any new regulation, there’s a learning curve, but businesses with organised solutions in place will get off to a better start than those trying to adapt retrospectively.

 Companies that aim to develop their brand using the foundation of trust will inevitably come out on top.  We have entered an age where creating the best customer experience for consumers, not just making as much profit as possible by selling ‘things’, is standard.  Consumers want to buy into a lifestyle and will choose ‘brands’ rather than ‘companies’ that will fit into this and will consequently be more likely to share information with a brand they trust.

Therefore, business now has no choice but to break down the customer-data silos between different business groups to understand the data held on each customer to make themselves truly customer-centric. For example, JD Weatherspoon deleted its entire email mailing list and agreed to stop sending newsletters in a bid to demonstrate more trust with customers and stake a place at the table in a GDPR world.

It’s a two-way street

Looking at how customer experience will change from a business perspective is only one side of the customer experience discussion.  Time stringent and busy consumers are happy to surrender their precious data if they are confident that it is going to be used in an intelligent way that will ultimately make their lives easier.

GDPR will only help to accelerate this, meaning more personalised and streamlined customer experiences, which can only be a positive thing for consumers. Businesses are required to invest heavily in this and so, customer experience will improve, allowing for less chance of data breaches.

New customer rights present the consumer with richer customer experiences and more pleasant exchanges.  Moreover, permitting customers a greater data portability will allow customers to truly find the best deals for them, further enriching customer attitudes towards ‘brands’ and therefore fostering greater trust. Increasing trust will be particularly challenging if customers choose to remove data; it will mean certain products or experiences that were available previously, such as targeted marketing, will be less available as customers data will have been removed.

Further, this will affect the world of analytics as there will be gaps in the data, meaning businesses will no longer be able to use huge data chains held about individuals to boost their bottom line.  Hence if GDPR is not embraced whole heartedly then both consumers and businesses will lose out.

The future’s bright

It’s fair to say that GDPR poses several challenges for businesses and consumers.  It asks us to contemplate questions about security and privacy for us to carry on living the digital lives that we do, and I believe that GDPR is an incredibly positive thing.

Businesses will need to embrace trust and adaptability and modify their governance and operations accordingly, so that work done now in preparation for GDPR works with technology available presently and in the future. For now, we can only begin to estimate and talk in terms of possibility around GDPR and the future. It will be interesting to see what happens when full compliance is reached.  Businesses and consumers…get ready!