Four Ways to Use GDPR as a Strategic Driver

Four Ways to Use GDPR as a Strategic Driver

Post May 25, 2018, per the General Data Protection Regulation (GDPR), companies with business ties to the European Union need to comply to GDPR standards. The cost of non-compliance is huge, but the regulation is meant to benefit individuals as well as businesses. Let’s look at what it can unlock for you and your brand if you approach it in the right way. What about being able to say that you are the safest enterprise in your marketplace when it comes to data? How about if you can not only reduce operational cost but can also create new revenue streams by being compliant to GDPR and other upcoming regulations?

1. Replace Legacy Systems by Future Proof Cloud-based Applications

When companies are taking steps to comply with GDPR, they are required to perform a ‘spring clean’ of their data, which can in turn lead to multiple efficiency gains. Organizing data improves the way firms carry out analytics and take business decisions. To comply with the regulation, companies must be able to illustrate the entire data flow - how data comes into the company; how they store and manage it; and how they treat it at end of life. This will encourage businesses to replace legacy systems by flexible cloud services to be more nimble and transparent especially when regulatory regime keeps evolving. In addition, most large enterprises have grown through M&A. Thus, they can look at GDPR as an opportunity to get rid of obsolete software and accelerate application retirement.

2. Gain Brand Loyalty and Attract New Customers

Companies can leverage GDPR to change the landscape from risk mitigation to improving their long-term competitive advantage. They can see early GDPR compliance as a competitive differentiator and position themselves as leaders of an emerging new normal. We trust those businesses who values our privacy beyond mere legal compliance. Thus, GDPR is an opportunity for businesses to get their data in order, get compliant and become consistently transparent with their customers. In a post-GDPR world, data sharing would be seen in the context of mutual respect and value exchange. It is an opportunity to re-connect your business with your current and potential customer base and start a new relationship based on mutual trust and responsible personalization.

3. Invest for the Future

The criticism that GDPR compliance might restrict innovations in AI ignores a subject’s right to privacy and consent. In fact, not being GDPR compliant would impose far more constraints on data collection and processing, slow down the ability to leverage innovations in AI and pay an opportunity cost such as market share losses in the future. Read this article for more details - Understanding GDPR and Its Impact on the Development of AI. In addition, in an era of data-driven innovation, business partners need to work together across the value chain. Data-driven innovation requires a clear understanding of the data to be collected and the reasons for collecting it. There are double opt-ins in such value chain: both partners need to be clear about what data they have about each other, and why. It’s very important that their data sharing practices are compliant with GDPR and other upcoming data regulations. As a first step to GDPR compliance, companies must define the scope of GDPR-relevant personal data that is collected, processed, and shared. Once a company identifies the scope of GDPR-relevant personal data, it should catalog all internal and external data sources that fall within this scope.

4. Execute A Delicate Interplay of Offense & Defense Data Strategies

In the post-GDPR era, personal data protection will become a data strategy issue. To comply, businesses need to have solid data organization and data governance in place. The GDPR gives companies the opportunity to holistically re-assess all their data, not just personal data. Data defense is about minimizing regulatory risk and preventing theft. Data offense focuses on increasing revenue, profitability, and customer satisfaction. Strong regulation in an industry (e.g. financial services or health care) would move the company toward defense; strong competition for customers would shift it toward offense. The CDOs and the rest of the leadership should see GDPR as an opportunity to establish the appropriate trade-offs between defense and offense to support company’s overall strategy. Read this blog post for more details - Is Your Data Strategy Defensive or Offensive? Why Not Both?.

Data is a company’s most important asset, and it’s constantly growing. Taking mandated compliance and turning it into an opportunity to personalize, delight and exceed customer expectations would fuel innovation reliably and responsibly.