In the year leading up to 25th May 2018, consumers knew the General Data Protection Regulation (GDPR) best as a continuous series of arduous, rapid-fire opt-in/opt-out privacy notices from organisations. For businesses, it was the cause of tension, confusion and a rush to ensure compliance for fear of a maximum fine of 4 per cent of global annual turnover, amounting to €20 million. Businesses simply could not afford to take any risks when it came to data consent. A year on, long gone is the stream of emails asking for consent, and to some organisations, GDPR has proved an all-round inconvenience and challenge. Any organisations that doubted the severity of compliance have been proved wrong. This year has seen European data protection agencies flexing their muscles, issuing fines totalling €56m for GDPR breaches, from more than 200,000 reported cases – and watchdogs warn that they are just getting started.
An assessment from the European Data Protection Board (EDPB) found that, in the first nine months, there were 206,326 cases reported under the new law from the supervisory authorities in the 31 countries in the European Economic Area.
So, what has the regulation achieved so far? It naturally draws negative responses from organisations, and hard-hitting headlines about large-scale data breaches don’t seem to have disappeared. The Cambridge Analytica scandal highlighted the true scale of mismanagement of people’s data, and the regulation has made us more ‘data aware’ than ever before. GDPR was criticised for many reasons, including suggestions that it would negatively impact relationships and communications between customers and clients and subsequently damage customer experience by making everything that much harder. The opposite is happening, as trust and consumer control are on the rise.
Increased consumer control
Scandals in the media remained fresh in the minds of customers, and people mistrusted even the mention of ‘data’. Consent lies at the core of GDPR. Clarity around consent, which made it easy for consumers to opt in and out of services, spam or marketing, benefited the consumer instantly, putting them in control.
Therefore, ensuring a customer has the choice to opt in to, or indeed out of, the use of their data was the vital first step in complying with GDPR. Once a customer had opted in, their data could be legitimately drawn on to personalise their experience, inform messaging and reduce friction in their customer journey.
Under the new legislation, organisations have been forced to state why data is useful to them and be specific about how it will enable them to deliver a more targeted and seamless customer experience. This has included simple reasons such as explaining that a birthday is stored so special offers can be made, or why holding multiple addresses for a customer will aid the delivery process if a parcel can’t be delivered to their home address when they’re stuck at the office.
Increased trust correlates with increased loyalty and has enabled organisations to understand how customers interact with a brand across devices and channels. The GDPR has shone a spotlight on an organisation’s disparate internal data, and made organisations unify the large quantities of information into a single view. With a better view of the customer journey, including where, when, how and why they’re communicating with a brand, organisations are better analysing this information and using the insights to drive more personalised customer experience strategies that are of benefit to the customer.
Design based trust
The GDPR has transformed the way services and products are built. The regulation has introduced new obligations that require organisations to integrate data protection concerns into every aspect of their processing activities. This approach, ‘data protection by design and by default’, is a key element of the GDPR’s risk-based approach. It focuses on accountability, and the ongoing requirement that you show your commitment to compliance and to ensuring data is private and protected.
It has been a challenge for companies, particularly those that have legacy processes and aging technology, to suddenly switch to building products and services that are compliant. This is a large part of a culture shift that is benefitting both organisations and customers, as the design for better digital experiences – what the GDPR is all about – improves operations, marketing and return on investment on certain technologies.
Much like building a house, contractors can’t achieve anything without the appropriate foundations. The benefits of privacy by design haven’t been and won’t be noticed straight away, and are more important for long-term success. There is no “best for business” option in regard to privacy, only one that is best for the consumer; it helps to build trust and keep services and products secure, which, in the future, is better for the business.
Raising global standards
One of the best aspects of GDPR is that it doesn’t just affect businesses inside the EU. Global consumer control is also on the up, and companies were forbidden from simply moving data outside the EU to misuse it. As we know, even if you’re outside the EU, if you want to work with any companies inside it, you must also be compliant. There is a list of secure countries for which the European Commission has confirmed a suitable level of data protection on the basis of an adequacy decision.
In these countries, national laws provide a level of protection for personal data which is comparable to that of EU law. These include Andorra, Argentina, Canada (only commercial organisations), Faroe Islands, New Zealand, Switzerland, Uruguay and USA (if the recipient belongs to the Privacy Shield).
GDPR is raising the standard for data protection and could be the first step to a global initiative. If it continues to be successfully implemented in the EU, the chances of it influencing international practice will be much higher. This requires consumer control and awareness of their data rights to increase, as the power they have over their own data will drive adoption of a similar regulation worldwide.
Essentially, the last year has made businesses more transparent about their use of customer data, and it has made it easier for them to communicate with other businesses and customers. This, in turn, has empowered businesses with the tools to deliver a streamlined customer experience and, for those that have put in the groundwork to get it right, a competitive advantage.
Joe O’Reilly, IT & Security Manager, Engage Hub