One of the less often mentioned aspects regarding changing data protection regulations, most notably but not solely the General Data Protection Regulation (GDPR), are their benefits in many areas we often don’t think about and tend to revolve around digital transformation in various senses.

Data protection and data privacy regulations, of which the GDPR is only one, cause and will continue to cause a spill-over effect, impacting how organizations and consumers think about and deal with data. Being ahead in that evolution offers clear benefits.

We tackled the GDPR benefits quite some time ago in a non-exhaustive list. And we don’t mean the benefits for data subjects (which are relatively clear for most now). Nor do we mean the obvious benefits for myriad companies offering services, software, guidance, training, events, consulting and whatnot, although it’s pretty clear that GDPR spending boosts cybersecurity spending, the identity and access management market, enterprise information management, the storage market and so forth.

With all those technologies and tools being enablers we especially mean the benefits GDPR enables organizations to realize. Among previously mentioned benefits: enhanced trust in times of distrust. Or as we put it: if data is the new oil, trust is what makes the new oil wells and oil pipelines function.

On GDPR benefits and benefits of data protection law spill-over effects

And it isn’t just a matter of trust in the scope of distrust. Comes in benefit number two we also previously mentioned: while organizations are talking about digital transformation, IoT (the Internet of Things), Industry 4.0, smart buildings, smart this and smart that, without a level of trust, among others in a contractual, partnership and industrial data exchange context, there is no data in the pipelines.


The GDPR benefits and consequences spill-over effect

It even goes beyond personal data. Not just because there is also a data protection reform coming regarding non-personal data but also because many new technologies are highly untrusted as are the organizations leveraging them and leveraging the oil that feeds and results from that: data becoming insights, innovation, relevance, purpose and so forth.

We don’t just mean the human aspect of trust which is a matter of perception and only can show on a personal data level if you indeed can prove and demonstrate that you do all you can to be transparent regarding the data you process (as in the GDPR data processing principles) and that you secure and manage that personal data from a risk perspective, in the first place that of the data subject, the consumer/customer/patient/work or people, in the best possible way.

If data is the new oil, trust is what makes the new oil wells and oil pipelines function.

No matter where you look trust, security, transparency and another one we’ll touch upon next, relevance, are holding decision-makers back. From the very beginning it was clear that the GDPR would have a spill-over effect on the ways we deal with data and the several technologies enabling to better leverage them, leading to even more GDPR benefits.

Below are just a few of these benefits (there are ample more):
  • Removing silos (that do slow down digital transformation to sing a really old tune as does paper to sing an even older tune).
  • Boosting data security and protection awareness and  techniques such as encryption (with the GDPR recommending encryption) in more technology-related areas concerning digital transformation such as good old cloud computing where cloud data protection was/is still an issue and, in general, security concerns still hold companies back.
  • Making work of IoT security as part of what some call the Internet of Trusted Things and of security in ample more areas where fascination, hype and enthusiasm each time seem to tend to become before security and, indeed, privacy by design.
  • Really working based upon permission, even if Seth Godin’s Permission Marketing is almost two decades old. We all know permission-based marketing but do we understand what permission really is, enable it and use the well-known personalization techniques based upon permission for the sake of whom gave permission, more or less?
  • Optimizing and speeding up those slow processes in whatever area where essentially processes travel at the speed of the mentioned silos and of data acquisition, analysis and resulting decisions, among others in the kind of decentralized networks where you would find fog computing and/or artificial intelligence that is essential in rapid decisions overall.
  • Forcing organizations to really make work of better digital customer experiences than is the case today and think about customer experience design from the perspective of people instead of still treating them as targets and names on a list. What else than rethinking the digital customer experience do unified consent management platforms such as the OneTrust GDPR consent management and Evidon GDPR consent solution enable you to do?

And it’s not just about GDPR and consent. It’s also about enabling consumers to control their preferences, to engage actively, to exercise data subject rights whereby you indeed can be forced to delete their data with rights such as the right to be forgotten.

Digital transformation strategy requires a holistic perspective – so does a strategic GDPR benefits-oriented approach

However, you need to think about it from a holistic perspective, just as a strategic GDPR approach and digital transformation strategy for that matter requires you to think holistically, de facto (another benefit) bridging not just platforms but also multiple stakeholders, from the risk and compliance people to the security team, the information management folks, staff, IT and OT teams that need to be integrated in the convergence happening in environments such as smart industry, building management and more.

Without executive buy-in and involvement, organizations will not just struggle to implement the changes required to meet compliance as research found, they will struggle to turn GDPR benefits into data-driven, customer-oriented, process-related, innovation-enabling and other business opportunities.

That “more” should also include the C-level executives as the work that is done for GDPR in fact should be seen as laying the foundations to move faster and better on their digital transformation strategy journeys, customer-centric approaches and innovative capacities where distrust, a lack of security and transparency and bad data and information governance practices really have no place. Unfortunately that benefit is missed by all too many CEOs who tend to have a rather limited lifespan in an organization and don’t always think about the longer term.

Let’s put it very simply: if data, including personal data, and customers are a core business asset and both are foundational for digital business transformation and business in a more digital world overall they deserve to be treated as such.

In fact, in these times of distrust and fast technological and societal change trust could be added as another asset. However, that idea isn’t very well understood in boardrooms all too often yet.

The changing narrative from GDPR fines to GDPR benefits in the scope of customer-centricy and customer experience

With customers we come to another point: that mentioned (contextual) relevance. We’ve been saying that the customer is so important for decades and that the customer experience, digital or not, and customer-centricity matter so much.

Yet, how successful have we really been, from the customer viewpoint that is? How easy is it for customers to engage, find their way and express what they want and don’t want? That is the opportunity and challenge ahead.

The days that security was an afterthought should be over – in practice that is far from the case.

And it’s good to see that finally the whole GDPR narrative is moving from GDPR fines to GDPR benefits and turning all the work to do in this new age where trust is key on all levels into competitive benefits, true enhanced relevance and customer-centricity, a real opportunity to streamline data flows and leverage data, a genuine chance to improve customer experience instead of saying we do, apply far better cybersecurity techniques, be more conscience of risks and really value data as a currency and their owners as, well, owners of that currency.

Everyone loves to talk about data-driven marketing, the so-called data chaos challenge and opportunity, the connected device IoT data deluge, data exchange models and more.

ROI on GDPR benefits: what data really means in digital business

The thing with data is that you can indeed have a whole lot of it and that there is even more dark data. Yet, just as dark data becomes important data when there is a purpose to start using it, so do personal data and customer data become important when we use them for the sake of relevant customer-oriented actions.

Permission marketing is close to two decades old. It’s time to rethink what permission really means and how data-driven permission-based tactics of personalization can truly offer relevant value.

That – and far more – is what properly preparing for a changing attitude regarding data protection, personal data and stopping the abuse of personal data usage by some large companies should bring to mind when you hear GDPR compliance, not clocks (although we of course are not blind for the challenges in practice and the difficulties encountered by most organizations really).

If a consumer withdraws consent or doesn’t want his/her data processed then why would you want to have, let alone use his/her data and wouldn’t you focus on the possibilities you have to engage them otherwise, engage others and make your marketing and customer touchpoints more valuable?

With data and customers being key business assets they both deserve more attention. In these times of distrust and fast technological and societal change a third asset can be added: trust.

If trust is paramount in data transactions in industries and really the very reason why so many industries look at blockchain technology then why wouldn’t you make sure that your data is accurate, valuable, purposeful and relevant enough to move ahead in digital business?

Thinking about the words of the ‘inventor’ of smart contracts, going back quite some time already: in a scope of digital business in the broadest sense interactions and transactions between people can be thought of as contractual agreements. With data being that new currency and oil the ownership, protection, accuracy and usefulness of the data and how/why/when the data is leveraged, regardless of application and nature of transaction or ‘contract’ (from permission in marketing to data exchanges in industrial applications), including data flows between machines and systems, need to be revisited. Or, as the people at AppNexus put it at the occasion of the launch of the draft technical specifications of the IAB GDPR Transparency and Consent Framework: “GDPR reaffirms the importance of a social contract between publishers and consumers”.

So, what’s your ROI on changing your data-related or data-driven whatnot optimization going to be, in the scope of regulation such as the GDPR, the changes they clearly bring along and far beyond?

Leveraging GDPR benefits: the choices and challenges

Maybe we are naïve. Not just about these GDPR benefits but, more importantly, about how organizations can and will leverage them.

Research regarding the evolutions in forensic data analytics evolutions, announced in January 2018, clearly showed a disconnect between concerns with regards to data protection and privacy regulations among risk management business professionals and the degree of preparedness (in the form of a plan).

According to research only 26% of IT decision makers say their board of directors and executive business management are aware of and involved in their
GDPR program which by definition means the GDPR benefits for the organization aren’t recognized enough.

There is ample more research in the scope of awareness of privacy laws, showing similar disconnects. And there definitely is a disconnect between perceptions regarding GDPR compliance and the reality which shows a lack of executive buy-in.

The lack of executive buy-in and all these mentioned surveys (there are far more) that look at various stakeholders in an organization (depending on the scope of the research) and how they approach GDPR essentially show that de facto GDPR is usually treated as a project, a pain, a matter of one or a few divisions and not as the opportunity it could be when GDPR benefits lead to improvements in so many areas such as the ones we mentioned.

On the other, hand it’s not really that surprising. There have been ample opportunities before and most certainly also outside of the scope of regulations, to rethink the way we deal with data, enhance customer experience, raise engagement overall, become far better at marketing, innovate and so forth in the past.

Design for better digital experiences – it is what the GDPR really forces organizations to do and what hasn’t worked well so far.

They include phenomena such as social business, integrated marketing, CRM and customer experience management, customer-centric content marketing, evolutions in information management and certainly digital transformation (with myriad technologies), essentially all enabling a more holistic perspective, the end – or at least bridging – of silos, a more holistic view on customer touchpoints and experiences and higher integration/convergence for smoother processes and competitive benefits.

Those that saw these opportunities/challenges/evolutions and turned them into real benefits today are already leading on several fronts. It’s a safe bet to say that those who manage to turn GDPR benefits in better ways of doing what they did will also lead and reap those benefits.

For the mentioned data about executive buy-in, awareness and involvement regarding the GDPR check out this Proofpoint research, “The Great Disconnect” (PDF) which we tackled previously.



Top image: Shutterstock – Copyright: 24Novembers – Although the content of this article is thoroughly checked we are not liable for potential mistakes and advice you to seek assistance in preparing for GDPR.