GDPR (the European General Data Protection Regulation) has given rise to a transformational shift in the way companies deal with online privacy, but to some, it is still seen as a regulatory burden.
The initial impulse to design and implement GDPR programs has, for a large part, been driven by the fear of massive fines.
It may not always be obvious to companies what business opportunities can be derived from GDPR compliance to attract and retain and business and stay current in a world where algorithms, machine learning, robotics and artificial intelligence are being developed at breakneck speed. Finding the right balance between the need for innovation, heightened privacy expectations and financially-sound models is one of the keys to successful digital transformation.
In that regard, is data privacy restricting data scientists’ innovative genius? Or does it contribute to new opportunities for a thriving and sustainable digital landscape, for the long term?
Now that most of the ‘heavy lift’ has been done with GDPR, businesses can focus on turning these new rules into rewards with consumer-centric processes built around transparency, trust and ethical practices. GDPR provides an opportunity to fine-tune business approaches.
Take an impact approach
Business opportunities lie in defining one’s own justified vision of privacy impacts from a contextual perspective. From there, companies can develop innovative business development models to differentiate their offering with privacy and thus consolidate user trust and maintain high compliance standards. This fits into the privacy-by-design principle under GDPR. The approach fosters data governance structures that assess data risks from the outset of a data project to enable new data-handling and management practices that benefit the consumer as much as the data subject.
Reconcile the data subject with the consumer
In many cases a data subject (as defined under GDPR as the identified or identifiable individual whose personal data is processed) is a consumer receiving goods and services. The rise in individual awareness on GDPR rights (the ‘data subject’s rights’) is noticeable. A recent report by the European Data Protection Board, the ‘Chief European Regulator’, cites an increase in individuals’ GDPR rights’ awareness by 20% between 2015 and 2018, and reaching 58% currently. Envisaging GDPR access requests and user preferences as integrated consumer grade business services may help reinforce consumer satisfaction and thus commercial benefits.
A new business partner?
There has been a fundamental shift in the online user’s decision-making power as a result of GDPR. In certain cases individuals have applied privacy preferences as a result of their distrust in how companies use their personal information, amidst reports on major data scandals. GDPR may provide businesses with opportunities to collaborate more closely with the individual as a co-partner in key decision-making. Search engines, for example, are having to redefine how users are granted full choice and control with respect to online advertising. In doing so, they can approach regulatory requirements as a collaborative partnership with the user, resulting in new business benefits.
The saying goes that “you went to bed as a services company and woke up as a data company”. Another saying is that data is the new gold. This may well hold true by shifting our mindset from seeing GDPR as a regulatory burden to understanding the benefits GDPR investments can procure for long-term digital success.
Blog author: Christel Cao-Delebarre, Global Privacy Officer, CWT.