Skip to main content

Afraid of GDPR? Here’s why you shouldn’t be (and how to embrace it)

(Image credit: Image source: Shutterstock/Wright Studio)

Everyone has a digital identity now, and data is a fundamental part of it. In the past few years alone, humans have created more information than ever through smartphones, connected homes, and even medical treatments. In fact, by 2020, we will be creating 1.7 megabytes of information each second for every person on Earth, according to EMC Corporation. 

Digital businesses built around this information economy have sprouted up everywhere. Every other industry has invested significantly in digital transformation and data-driven growth. With every industry harnessing personal data, consumers are understandably more concerned about how their data is used and how much control they have over it. 

To address those concerns, the EU is set to introduce the General Data Protection Regulation (GDPR) by May 25. The regulation states, first and foremost, “the protection of natural persons in relation to the processing of personal data is a fundamental right,” and it has sparked an unprecedented global conversation about the awareness of data protection and control in the digital world. 

It has also created a panic among company executives who do business in the EU. Personal data includes any data related to an identifiable person, and most companies have staked their livelihoods on strategies driven by that data. Therefore, many executives consider GDPR a giant threat. Yet from a different perspective, it could be another step toward companies using data to create trusting, meaningful relationships with their consumers, which is the heart of true consumerism. 

Is data protection really a threat? 

Companies fear that GDPR will undo all of the data-driven technologies, strategies, understanding, and insight that they’ve invested in over the past several years. The new regulations require substantial companywide transformation, and the penalties for violations have sharp teeth. Fines can reach up to 20 million euros or 4 percent annual global turnover, whichever is higher, and most companies are not prepared to comply — in fact, only 8 percent of businesses have made the changes they need to prepare for GDPR, and a quarter of business leaders aren’t even aware of the new regulation, according to consulting firm RSM. 

To date, the default practice for collecting data has been to gather as much as you can and figure out what to do with it later — or worse, allow third parties to access and use it without permission. Facebook has learned this the hard way through its crisis with Cambridge Analytica, when approximately 50 million Facebook users had their data harvested without their knowledge or permission, as reported by The New York Times. 

With GDPR in play, that’s no longer the case (at least in Europe) — and that’s OK. Clean data is good data. It is permissioned, and it means consumers want to reap the benefits a company can offer from gaining insight. That leads to better decisions and more valuable customer experiences, and it starts with transforming the processes of giving and removing consent.

Gone are the days when a form can have an automatically ticked box that grants unlimited permission for personal data usage when users download free software. Consent must be a direct action, with privacy and individual control as the default setting. Everyone who was previously opted into digital marketing must be proactively re-opted in, and the process must be short, transparent, and devoid of legalese. 

In essence, companies have to explain what data they collect and how they use it to make money. They must also give customers the ability to say "no" to personal data use without it affecting their access to products like Facebook. This means customer engagement will change dramatically, and the entire world of freemium-based applications requiring implicit data consent might implode. Customers can now say "no" to that and use the product for free anyway. 

To consumers, though, more information and control over their own personal data is a much-needed breath of fresh air. In light of the Facebook scandal, more and more people are choosing to delete their accounts in order to prevent unauthorized access to their data. And in the week after the news of the scandal broke, Facebook's market value plummeted by $50 billion. 

Consumers are tired of having their data used without their consent. Controlling their data — and dealing with companies that respect their right to control it — is why GDPR is a win for consumers and the executives who put them first. 

Using GDPR as a framework for improvement 

Any change of the magnitude presented by GDPR can be scary, especially when it affects a company's entire business model. This time, the very paradigm of being data-driven is changing, but it will result in better brands with more loyal customers.

A simple, delightful, transparent, honest, and trustworthy customer experience is the mindset that you need to instill throughout your company culture. These four tips will help you use the new regulations to do it: 

1. Use size to your advantage 

GDPR levels the playing field regarding the rules of engagement with personal data across all EU member states. Small and midsize enterprises (SME) with an annual turnover of 2 million to 50 million euros are less prepared than their bigger counterparts, and up to 90 percent of these types of businesses are not ready for GDPR, according to the Federation of Small Businesses. However, SMEs are typically leaner and more agile, so it’s easier for them to get their act together faster. 

Having a smaller enterprise means you have fewer people to bring together and get up to speed, and you can integrate companywide changes more efficiently. If your company is a new entrant, such as a venture capital-funded startup, you can excel at privacy by design from the beginning. Make it part of your innovative disruption strategy. It will be easier to blow past bigger players who are still learning to be compliant in more cumbersome and conservative ways. 

2. Integrate GDPR throughout company culture 

Educate the marketing team and create an ongoing companywide internal communications campaign that puts GDPR in a positive light. Explain how doing it right will create more valuable, meaningful moments and how better experiences give customers reasons to happily give consent to access their data. Delightful consent to their data means they’re also more likely to open their wallets and make a purchase. 

Embed the connection between GDPR and better customer experiences into company culture by keeping internal communications going. There are many open questions and points that will be more precisely defined in court over the next few years, so stay tuned in to news on the regulation's developments. 

Furthermore, the EU's supplemental e-Privacy Directive (often referred to as the "Cookie Law") is on the horizon for late 2019, and that will also be a big interrelated topic. Keep the entire company well-informed, and meet regularly with the chief legal officer and data protection officer (or company advisor) to discuss changes, implications, and what to communicate next. 

3. Collaborate cross-functionally 

Data and technology have never been more forcefully positioned at the heart of visibility, transparency, and customer experience. To adapt properly, make GDPR everyone’s project by making it a collaboration between the chief data officer, the chief marketing officer, the chief technology officer, and the chief product officer (or equivalent roles). Collaboration is essential when it comes to classifying data, managing data, and crafting governance to ensure the value creation process thrives. 

For example, digital data is the power modern CMOs use to attract loyal customers. CTOs define and build the architecture to execute marketing and business strategies with secure technology. CPOs lead the creation of new, monetizable digital products and services in line with evolving customer desires. All are responsible for executing their roles in harmony and laying the foundation for the company’s strong future through collaboration. 

4. Don’t be too conservative 

One outcome of GDPR will be the demise of companies that take an ultra-conservative path. They’ll lose their ability to leverage data as their most valuable asset. Don’t look at the regulation as restricted access and become too conservative in trying to harness data. Instead, consider it a framework for rethinking value-based experiences and putting customers’ rights at the heart of analytics, marketing, and service personalization processes. 

When viewed from that perspective, I believe GDPR is an opportunity for clever companies to gain a significant competitive advantage. Those who prepare for it can transform every customer experience into one that creates trust, honesty, and loyalty to their brands. 

GDPR might seem like a threat to some businesses (and many a digital marketing agency is currently melting down), but it’s a direct result of the people screaming for more control over their data. They distrust digital advertising, but they still love their favorite brands and products. They want to trust, and that means controlling what is fundamentally their right to control: their own data. 

This makes GDPR the most customer-centric legislation that businesses have ever faced. Great brands have a window of opportunity to leverage this. It’s the dawn of a truly customer-centric era, when brands can reinvent themselves based on what their customers really want. 

Sandy Hathaway, Founding Partner of Exit3x (opens in new tab)  

Image Credit: Wright Studio / Shutterstock

Sandy Hathaway is a founding partner of Exit3x and also co-founded technology startup RetentionGrid, which has worked with data from tens of millions of consumers.