With the deadline for GDPR implementation nearing in May 2018, many responsible businesses will be putting in place the processes, policies and structures necessary to comply with the legislation and, just as important, to demonstrate their active compliance with the law.
Although compliance and the associated expenses are a cost, there is a potential benefit that can easily outweigh that cost.
That benefit is increased business trust, most specifically the increased belief of customers in your companies’ trustworthiness. Carefully nurtured, the relationship benefits of straight dealing with your data has the potential to unlock business beyond simple one off transactions and towards sustainable customer relationship growth.
Trustworthiness, literally to be worthy of trust, is a key element that customers take into account when they form the decision to trust and be willing to let the other, trusted party, carry out actions on their behalf.
GDPR strengthens business trust by making trusted parties more accountable for their actions with customer data, enhances the sense of control for customers, and in showing respect of their privacy, makes them more confident in their trust decisions with businesses.
The anticipated effects of the regulation on the drivers of trustworthiness and customer control, and their potential to affect customers’ perceptions of business behaviours are:
Above mere compliance, businesses must now be able to demonstrate that individuals’ data are processed in a lawful, fair and transparent manner; that data are collected for specified, explicit and legitimate purposes; and that information is adequate, relevant and limited to what is necessary.
Although some companies have argued that this restricts their freedom to innovate, customer focused, forward thinking data processors would generally not disagree with the sentiment that the data should be collected ethically, especially where this involves private data from and about individuals. As part of a wider landscape data processors are themselves data subjects in their private lives.
The current usage, trade and brokerage in personal data has tarnished the reputation of many organisations. Individuals are reacting to this by sending misleading data, withholding consent, and seeking legal redress for distress and privacy compromise. If reputation is what is said about you or your organisation, sending messages about your compliance with the regulation will be a positive boost to positive engagement.
The regulation still provides room for innovation in services and insight from the large and growing body of data available and including of data privacy impact assessments will ensure that this is done in a way that is sensitive to the values of the users’ who provided it.
The data must be accurate and kept up to date and those data that are inaccurate must be erased or rectified without delay.
Accurate data kept securely lends weight to claims of consistency and integrity for organisations. Data cleansing, wrangling and formatting make up most of the time and expense involved in analysis, and innovation with data can only be relied upon if the data is good. With GDPR controls in place companies should benefit from increased data reliability, lower cleansing costs and better data integrity.
GDPR compliance strengthens fairness and extends the notion of informational justice to the responsibilities of the trustees of the data. Strengthening these obligations will improve the view of customers who deal online, or who are in a reliance situation with their suppliers.
Backed by the force of large fines and imposing time limits for breach notifications, the legislation seeks to ensure appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss. The legal framework of legislation gives strong incentives for companies to be transparent and truthful in their management of customer data.
Many well regarded companies already observe high standards when dealing with customers and the GDPR will merely help the process of building confidence that all compliant companies are worthy of our trust. It adds the weight of social norms, customer concern and benevolence towards individuals that will benefit data controllers and processors.
As well as strengthening the conduct standards the provisions of the GDPR are designed to foster a sense of control for data subjects.
This is an important part of the legislation, as the protection of privacy, and safeguarding the vulnerabilities of citizens are the major challenges facing many users, who find that their personal details are being traded, leaked and used for purposes that they never signed up to, or consented to allow. Unauthorised usage and dissemination of personal data devalues the business to customer relationship by fostering a distrustful attitude to data disclosure.
Recent high profile data breaches at companies have made headlines, but the lessons of customer data loss (reflected in lost share value and damaged reputations) appear to be ignored in a business atmosphere that treats customer data as a product. Personal data that is a given by users has arisen as a result of who they are. These data are a proxy for their most precious attributes and should be treated with care and respect.
Customers are more willing to forgive companies when they can demonstrate that they did everything they possibly could, and will punish behaviour they attribute to poor management attitudes. Although not all customers are activists, the passive resignation of people to data loss reflects a feeling of helplessness rather than an endorsement of the status quo. Customers may hold back on judgement if companies are forthcoming about the causes of data loss, but will seek revenge against those they see as exploiting their vulnerabilities.
Evolution has conditioned humans with betrayal aversion mechanisms, and companies that allow continued breaches of trust to happen risk paying a high price for their neglect.
Mandatory breach notifications may sound draconian, but they attempt to bring the focus back to trust – it’s better to admit fault early than to let the problem fester and undermine the confidence that your customers have in you and your services.
The implementation of GDPR is designed to create the conditions for citizens to have confidence in the use of their personal data in online environments.
Implementing the GDPR can contribute towards the perception of good business reputation. In turn this will boost the confidence of consumers in dealing with these companies over other, less trustworthy ones.
Having companies that they can believe in, and that will not treat customers opportunistically and exploit their vulnerabilities will temper the fear and distrust many users still feel when passing their information online.
It is necessary to take these steps before May 2018 to foster greater customer engagement, to rebalance the equation of information towards justice, and in so doing ensure a vibrant, innovative and growing online economy that allows its’ participants to enjoy peace of mind and pursue personal goals without the distress of inappropriate disclosure or privacy invasion.