October 27, 2017

The Strategic Advantages of GDPR

As consumer sentiments on data, its use and protection evolve, businesses adopting GDPR can benefit from several strategic advantages.

How is your data being shared, used and protected? In a data rich, cloud-enabled economy, organizations must understand consumer sentiments on data, its use and protection are evolving.

The information age continues to provide consumers with a deep understanding of how, what and why their personal data is used and generated. For many consumers, sharing personal data in order to gain access to insight derived from analytics can outweigh personal risks. For example, when it comes to genomic sequencing, health care or personalized retail experiences, users are more than willing to disclose their personal information in order to gain faster, more convenient and relevant shopping experiences. The wheels fall off the bus when companies utilize deep legal provisions in contracts to provide their data to third parties to engage in additional sales.

GDPR is the “it” kid in school right now. For many companies that operate across countries using cloud-based architecture, GDPR may instigate fear and distress. This is the global economy facilitated by evolving technical innovation. We shouldn’t stop that innovation; we should encourage it. Moreover, companies should not fear GDPR compliance; they should embrace it for its strategic advantages at home and abroad.

Four Strategic Advantages of Adopting GDPR

1. Data Portability and Right to Erasure Leads to Customer Trust

When customers are given the opportunity to see what personal data is being collected and how that data is used, trust is built. Customers feel empowered. It also gives customers the chance to correct any inconsistencies or ask that data be removed. While GDPR pertains to EU citizens only, companies that offer this same data access, control and protection to customers in the US will set themselves apart as trustworthy and respectful of their customers.

2. Greater Efficiency through Data Collection and Minimization

At first blush, minimizing the data you collect may seem frustrating. By and large, most organizations do not regularly assess what is located within their technical boundaries or hosted in cloud-based environments by third party vendors and partners. This is a mistake as consistent data analysis leads to greater efficiency in time and resources. GDPR forces organizations to constantly evaluate their data and rethink how their data is collected and stored. It forces them to think about what data needs to be cleansed, and what needs to be kept. The resulting efficiency of this mandate is a tremendous benefit to organizations as well as customers.

3. Better Customer Service through Voluntary Opt-In Mindset

Shifting to an opt-in mindset from an opt-out mindset may be a difficult task for US companies. Historically, we have only had to allow for an opt-out opportunity for customers. From CAN-SPAM to cookies, consumers were provided the guidance on how to get out of the tracking or consistent online advertising. Now, the EU transitions to conspicuous opt-ins and more stringent requirements for special categories of data, such as biometric data.

An organization that adopts this privacy by design mindset can stand out as one that believes consumers should have more choice when it comes to tracking and data collection.  Organizations can focus on strategic data disclosure that enables them to provide the best customer service and ultimately, establishes loyalty and retention.

4. The Data Processor-Data Controller Relationship Can Lead to New Customers

Dependent upon your company’s technical infrastructure, the use of third parties in and outside of the EU is likely. The criteria around responsibilities on security and on disclosure to supervisory authorities make these relationships vital for all organizations. GDPR necessitates transparency and education around data to ensure all parties involved follow regulations to safeguard the individual rights of EU citizens regarding access, use and protection of their personal data. GDPR compels companies to truly partner, open channels of communication and work in tandem. The by-product is potential new revenue streams and exposure to new markets and customers.

Overall, GDPR changes the view of providing all this data to companies. Consumers feel more comfortable unearthing the power of data because they are aware of the concern the company has for it as well. Compliance is always a unique motivator, but more than anything, GDPR will present the opportunity to strengthen trust and drive larger brand and economic Impact. Take a look at our Privacy Tracker that helps you stay up to date with every privacy regulation.

About the Authors

Christina Whiting is the managing director of Compliance and Enterprise Risk at Tevora.

David Grazer is a consultant on the Compliance and Enterprise Risk Team at Tevora.