Over the past year, you’ve no doubt been bombarded with news and opinions on the GDPR. “Who will be affected?” “Are you prepared?” “Will the deadline be extended?” “How are we going to find a Data Protection Officer in time?” “What even is a Data Protection Officer?” GDPR, as you know by now, is the highly discussed, not-so-eagerly anticipated General Data Protection Regulation that takes effect in T-minus 8 weeks.
Rebuilding Customer Trust
Here at Axiomatics, we’ve talked with EY on practical approaches for tackling ‘privacy by design’, we’ve written on GDPR as a driver for digitalization, and we’ve offered up long-term solutions for compliance. However, one topic I haven’t seen much written about is the benefit the regulation passes on to customers. So much emphasis has been put on the compliance of the organizations storing and using the data that we’ve forgotten the core purpose of the regulation: to protect the people who, in fact, own that data – your customers.
By raising the standards for data management and protection (and creating a host of new fines for those who fail to comply), the EU is empowering consumers to take back control of their data and looking to decrease the number of data breaches. In a recent TED Talk, Susan Etlinger of Altimeter Group got to the heart of GDPR:
“GDPR is about rebuilding trust”, says Etlinger. “The erosion of trust in institutions is a key driver of data compliance regulations. GDPR is about rebuilding trust with your customers; it should not be viewed [merely] as a compliance exercise.”
We trust corporations and government agencies with our personal data daily: banks (financial data, DOB, SS#); insurance companies and healthcare providers (private health records, DOB, SS#, prescription information, and other PII); social media, to which we hand over our life stories, location, and complete digital identities; consumer apps that require our financial information for transactions (Starbucks, Venmo, etc.); services that track our locations and routines (GPS, Google Maps, FitBit); not to mention all the third parties these organizations employ to organize, analyze, and optimize said data.
The complexity of an enterprise’s ecosystem often undermines the intent for customer data protection. Limited IT budgets and unchecked third parties often result in misaligned objectives, incomplete security activities, and holes in data protection and security. If organizations want to be trusted by their customers, they must review and prioritize the critical information and data assets they hold, and identify how that sensitive information is being used across the business, for the good of the customer and their bottom line.
The Value of Data Loyalty
“Trusted companies approved to hold your data win,” says Dr. Alea Fairchild, a Research Fellow at The Constantia Institute. Take Google, for example, one of the most profitable companies in the world that we trust on a daily basis. What do they sell? At the core of their business, they collect your data and sell it to advertisers who can use your data to do a better job of targeting you with more relevant ads and create more pertinent content-driven experiences.
Amazon, likewise, has thrived in ecommerce precisely because of the treasure trove of data it collects on every purchase you’ve ever made with them.
Companies that are transparent about the information they gather, give customers control of their personal data, and offer fair value in return for it will be trusted and will earn ongoing and even expanded access.
Meanwhile, when we see organizations attempt to conceal how they use personal data, allowing outsourced and third-party companies uncontrolled access while failing to offer value for it, problems ensue. When the news becomes public, it can send company shares yo-yoing (e.g., Facebook and Cambridge Analytica), and these companies stand to lose customers’ consideration – and their business.
A coordinated approach between data and loyalty can deliver improved customer experiences by relating to customers as individuals, leading to longer, more profitable relationships. Analysts agree the trend is likely to continue into the foreseeable future.
Preserve Customer Data with Access Control
A key theme within the GDPR is the control of who has access to digital assets that are covered by the update. As the CEO of Axiomatics, I believe one way a business can take charge of their access control is by employing dynamic authorization.
Dynamic authorization brings context awareness to the way data is shared, giving data access to the right people, at the right time, from the right location and device, while denying access to those who don’t need it (based on role, location, time of day, device, etc.).
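As an added illustration (not Axiomatics code or any product's API), the sketch below shows a context-aware access decision over the four attributes named above: role, location, time of day and device. The `Policy` shape, the `decide` function and the sample policy and requests are hypothetical and constructed for this example; the check denies by default, including when an attribute is missing.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Policy:
    # Hypothetical policy shape: every condition must hold for a Permit.
    roles: frozenset
    countries: frozenset
    start: time            # access window start (local time)
    end: time              # access window end, exclusive
    require_managed_device: bool

def in_window(now, start, end):
    """True if now falls in [start, end); handles windows that cross midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def decide(policy, ctx):
    """Evaluate request context; return (decision, reason). Deny by default."""
    # Fail closed: an attribute the caller could not supply is never a Permit.
    for attr in ("role", "country", "time", "device_managed"):
        if ctx.get(attr) is None:
            return ("Deny", f"missing attribute: {attr}")
    if ctx["role"] not in policy.roles:
        return ("Deny", "role not authorized")
    if ctx["country"] not in policy.countries:
        return ("Deny", "location not permitted")
    if not in_window(ctx["time"], policy.start, policy.end):
        return ("Deny", "outside permitted hours")
    if policy.require_managed_device and not ctx["device_managed"]:
        return ("Deny", "unmanaged device")
    return ("Permit", "all conditions met")

# Constructed sample policy and requests for access to customer records.
CUSTOMER_RECORDS = Policy(frozenset({"support_agent", "dpo"}),
                          frozenset({"SE", "DE"}), time(8, 0), time(18, 0), True)
REQUESTS = [
    {"role": "support_agent", "country": "SE", "time": time(10, 15), "device_managed": True},
    {"role": "support_agent", "country": "SE", "time": time(22, 30), "device_managed": True},
    {"role": "support_agent", "country": "SE", "time": time(10, 15), "device_managed": False},
    {"role": "dpo", "time": time(9, 0), "device_managed": True},  # location unknown
]

if __name__ == "__main__":
    for req in REQUESTS:
        print(decide(CUSTOMER_RECORDS, req))
```

The same user and role receive different answers as the context changes, and each decision carries a reason that can be written to an audit log.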
Dynamic authorization can do more than just protect who receives access to sensitive data. In a GDPR context, dynamic authorization supports the establishment of intimate trusted customer relationships by balancing privacy protection, risk management and security practices. This can further solve a variety of GDPR requirements.
GDPR is positioned to become a 2018 industry standard in the US shortly after it takes hold in Europe. Don’t be blindsided in June of 2018 when your customers expect to take ownership of the data you collect on them.