Close ☰
Menu ☰

Why complying with GDPR is not enough

Posted on: Tuesday 15th of May 2018

The next digital titan will come out of Europe – or at least it should – courtesy of GDPR. More broadly it will trigger a new dimension for competitive advantage across all sectors and most of the globe – given the spread of GDPR-like regulation – privacy-respecting innovation.

One of the biggest innovation opportunities we have is combining data that has historically resided in silos to create new value. Imagine integrating a digital supermarket receipt with a database of nutritional information so you can understand how healthy your household’s weekly shop is, or with a price database that enables you to identify options for saving money. The wider the number of data sources you include, the greater the benefit that combining data delivers.

Such value doesn’t exist in aggregate, it is specific to each individual. So value can only be created if the data is integrated around the consumer with the consumer in control. Thanks to GDPR, this source of innovation should be one in which European businesses have an innate advantage.


The Compliance Approach to GDPR

Those of a certain age will remember Lord Andrew Lindsay in Chariots of Fire seeking to clip every hurdle without spilling champagne from the butler-filled glass on each one. That is the approach most businesses are taking to GDPR compliance, arguably it is the standard approach to all regulatory compliance.  But the innovation and growth opportunity outlined will only be unlocked if this prevailing approach of minimal viable compliance with GDPR is replaced with the opposite mindset. (Think jumping two hurdles in one go.)

This involves embracing GDPR’s underlying philosophy – putting the consumer in control of their data – as the next big trend, using the constraints it introduces as a stimulus for innovation – the innovation that makes it valuable for consumers to take control and enables them to use their data for their benefit.

As the raft of exchanges on Twitter and LinkedIn will attest, the vast majority of effort over the past few months has been directed towards complying with the specifics of the regulation – whether an organisation can use legitimate interest as grounds for processing, has pre-existing consent, etc.

That is understandable – no one wants to risk the reputational damage and cost that will come with a large fine, nor lose the ability to contact customers when such an outcome could be avoided. And there remains work to do – recent surveys suggest that less than half large firms will be fully compliant by 25 May and less than 10% of small businesses (albeit that some larger companies, in particular, are taking a deliberate risk-based approach to the level of compliance achieved).

So while compliance is necessary, the real question is whether it is sufficient in a world undergoing a profound shift in attitudes towards data. The downside of regulation is that it sets a minimum standard – a hurdle to be skimmed over with minimal unnecessary energy. Responsibility is passed to people whose focus is on limiting the downside – minimising risk and cost – rather than seek an upside in the form of new service creation and revenue growth. In the process, a major opportunity cost is created.

Most regulation is designed to protect the interests of consumers. If a regulation achieves this goal, exceeding it is a potential source of customer value – we will exceed the capital requirements ratios because we want to be the safest bank for your money, we will make treating customers fairly a dimension on which we are going to compete, etc.

In the context of GDPR, that would be – you will be able to trust us completely with any data you share and we will ensure that we give you a Return on Data Shared (RODS is a great sounding metric) by providing you with insights that help you overcome the information challenges you face. (Note: the proposition of ‘you provide us with data so we can personalise our messaging to you and sell you more’ rarely delivers a positive RODS for the consumer.)

Helping consumers overcome their information challenges is a great way for any business to build loyalty and become an influencer – particularly at the early stages of a customer’s buying journey where the biggest obstacles to progress are informational. And it simply requires redirecting some of the marketing budget to helping customers achieve what they want rather than single-mindedly focusing on the company’s desire to propel customers through the funnel as fast as possible.

So why is this important?  Because the feedback from customer research is saying so.  A number of businesses that initially wanted to use consent as their grounds for processing found that they would only get somewhere between 10% and 25% opt-in rates.  But rather than seek to answer the business question – why is our marketing valued so little by our customers? – the reaction has been to use the letter rather than the spirit of the legislation and default to legitimate interest as the grounds for processing.

That may be a short-term salve but it isn’t dealing with the core issue that if you can only persuade a fifth of your customers to opt-in, the vast majority of your direct, or digital marketing spend is at best wasted and at worst an irritant.  And it is a relatively easy fix with the right approach. The highest opt-in rate we have come across is 50% – double the best seen elsewhere – because the company’s marketing provided its customers with valuable information and was therefore genuinely useful to them.

The more resource-constrained we are, the more resourceful we have to be. We are entering a world where access to data is likely to be increasingly constrained. Those that succeed will be those that are able to create a powerful value exchange around data.

GDPR can be a springboard for success. But for that to happen it needs to be seen as prescient legislation heralding a major shift in consumer attitudes. Responsibility for GDPR needs to pass from compliance functions to marketing and innovation teams. And the constraints it introduces need to be embraced – seen as a dimension for competitive advantage and a trigger for innovation.

Jack Springman is Head of Consulting at Ctrl-Shift, an innovation consultancy that helps organisations create services that build trusted and valued customer relationships by putting the customer in control of their data.