Why GDPR is good for you

With consumer trust at an all-time low, when companies embrace the privacy principles that underpin GDPR they will attract more customers

To understand the importance and the potential impact of the General Data Protection Regulation (GDPR) to future business growth, we need to understand why it exists and what its key objectives are.

Simply put, the downward trend in trust in digital services is diametrically at odds with the EU's ambition to deliver a vibrant and world-leading digital economy.

The downward trend in trust is diametrically at odds with the EU's ambition to deliver a world-leading digital economy

To achieve that goal, it is abundantly clear that citizens (75 per cent of whom profess not to trust digital businesses with their privacy, according to the UK's Information Commissioner's Office) will have to feel a lot more confident about engaging digitally without fear that their personal lives are going to be compromised in any way.

For businesses, reversing this downward trend creates growth opportunity, plus the potential for globally competitive and differentiated services backed by strong legislation.

A new vision for innovation

The large, global online retail and social media companies have a tendency not to treat the data harvested from online transactions with due respect, putting it to use in ways their users and customers don't understand and probably wouldn't agree to if they did.

Geoff Revill

Even worse, the public's trust in digital services has been diluted by having only limited or no control - or transparency - over their personal data. It's this business culture that the EU is seeking to disrupt.

To do this requires a new culture of digital engagement that does not contend with what is already defined and controlled, but changes the basic rules of engagement. It suggests creating an alternative vision that encourages the innovation of new services or makes existing services deliverable in vastly more efficient and intelligent ways.

As a policy vehicle that reflects this shifting of the competitive digital environment, the GDPR does not stand alone: it's actually part of a tsunami of new legislation that includes the e-Privacy (Privacy of Electronic Communications Regulation) and eIDAS (electronic Identity & Trust Services) regulations, the PCI DSS (Payment Card Industry Data Security Standard), the NIS (Network and Information Systems) directive, the EU-US Privacy Shield and others. These are all underpinned by the same principled objective: return a reasonable balance of power back to the individual in order to restore their trust in digital services and drive the digital economy.

First-mover advantage

To date businesses have focused on cybersecurity, partly because the current Data Protection Act has fostered it, but also because it's good for companies to protect the digital assets they assume they own - an assumption that is rapidly becoming outdated.

This attitude and approach will by necessity change. Individuals will be able to demand the cessation of the use of personally identifiable information (PII) in marketing or automated processing, or enforce the right for its erasure. They will even be able to request the transfer of their PII to another business which they consider to be more trustworthy and treats their data with more respect.

The GDPR turns the spotlight on individual rights to privacy. It

David Goodman

requires businesses to understand they need greater authority from the individual to use their PII, rights that will be granted only if they are considered trustworthy. This is why the GDPR is a fantastic opportunity for innovators.

Many businesses have built their current digital business models on foundations that are going to be undermined by the new legislative landscape. The ways in which businesses interact with their customers are being redefined and transformed. Those that embrace the changes first get to take the prime strategic market positions.

Instead of worrying about risk mitigation for your business as you push the boundaries of what's legally acceptable, you could consider building trust by providing your consumers and customers with privacy assurance. By creating a positive customer-facing business asset, rather than an inward-looking culture focused around compliance risk, you would not be fighting the GDPR but engaging with it and seizing an opportunity.

The prize? It's simply this: when companies embrace the privacy principles that underpin GDPR, and use it as the foundation for a new style of trustworthy digital business, they will attract more customers. Those that don't will lose out.

How GDPR can reduce the administrative burden

Better still, the veracity of the data shared will be higher, leading to a better return on investment when it's processed. Yes, the GDPR will raise costs in obtaining PII; but, instead of using your limited resources to continuously validate ever more tenuously defined customer profiles in the bowels of your IT processes, wouldn't it be better to take a pro-active approach to obtaining PII and lighten the burden on your IT administrators?

If the GDPR appears like a costly overhead, it's because we are not balancing it with the strategic gains made by streamlining the amount of PII that is consented for use or for a legitimate purpose. Connecting PII more precisely to each business opportunity that arises is the new challenge.

Ten years from now European companies can - and should - be leading the world in how to approach trustworthy digital engagement and provide simplified and cost effective services. The market is changing - are you thinking about it correctly?

This article summarises some of the arguments made in the authors' report Privacy - The Competitive Advantage

Geoff Revill is founder of The Krowd.
David Goodman is a consultant at Trust in Digital Life.