The European Union's General Data Protection Regulation is designed to protect individuals' personal data and facilitate the exchange of information for businesses that operate in the EU. It has new requirements for data collection and processing that include hiring dedicated data protection officers to safeguard personal information of citizens. And those requirements must be met by the looming deadline of May 2018.
The introduction of this regulation has resulted in a flurry of surveys and opinion articles describing the regulation and its requirements, with vendors and consultants gearing up to help.
However, few have actually looked beyond the compliance requirements and tried to answer a broader question: Is this regulation actually good for the business?
We think it is. And we can explain why.
While citizen’s personal data has been thus far protected by numerous laws across different countries and frankly, its privacy has not been taken seriously. The GDPR will change that. Now, firms will need to take extra care about how they collect, get personal consent, store, and use personal data.
Plus, this regulation will actually encourage firms consolidate personal data into a unified platform–so that they are able to easily locate it, anonymize it if needed and report on it. This is what insurance companies call the golden record or a Customer 360 view. This presents a unique opportunity for businesses to better respond to customer requests, engage with them in the ways they prefer, and ultimately innovate.
The GDPR–intentionally or not–is shifting the market and the way businesses operate into a much more data-driven model. And we believe this is the right way to go, because only a data-centric approach (vs application-centric approach) can result in a number of key benefits for the firm at an enterprise level. And we see benefits in the areas of data security, customer centricity, data localization and indexing, and data storage.
Security
Market research shows that more than 50 percent of security breaches are the result of a careless employee. This presents companies with three major risks:
- Compliance fees as regulations continue to tighten up with regards to data privacy–the GDPR coming into effect in May 2018 is just one example;
- Brand and reputational damage, especially if a lawsuit takes your company to Court and into the media;
- Customer churn as consumers are empowered to know and make data privacy requests at any time, while the financial industry especially in the mature markets is fighting for customer retention.
Of course, to minimise the impact of data privacy breach due to human error requires adequate legal and compliance policy and education of employees. New technology can help mitigate those major risks as well. Role-based security and compartment-level security settings in your database platform will enable your organisation. This is important to ensure that data is only shared with individuals or organisations that have consent from the citizen to whom the data pertains. For example, if I–as a customer–withdraw consent for direct marketing, it is important to restrict my personal data from marketing department processes that generate campaigns. Encryption at rest is another important element that ensures that even if a data breach occurs, the data is secure.
Data localisation and Indexing
Another critical factor is that a data-centric approach is based on a robust framework able to identify where all the sensitive data is located within an organisation–even if it comes from multiple systems.
For example, an organisation may have gone through multiple mergers and acquisitions, each of which introduces systems that may contain duplicate data. Each of these silos may contain personal data, and it will typically be challenging for an organisation to achieve a view of exactly what data sits where, how it’s related, and who or what consumes or accesses it.
Customer Centricity
The rise of social media has created many opportunities for companies to engage better, faster and more frequently with their customers and gain richer insights. But it hasn’t – in many instances – enabled them to fully embrace customer centricity. This is due to the fact that many organisations still rely on relational technology and siloed systems across their departments making it impossible to integrate and analyse social media or unstructured data.
Research by the CMO Council in collaboration with SAS quoted by MarketingProfs has shown that 40 percent of the marketers and 51 percent of the IT employees surveyed viewed big data critical to the ability to develop and execute customer-centric programs. However, 52 percent of the marketers and 45 percent of IT professionals said that data that is in silos across an organisation makes it difficult to really achieve customer-centricity. What’s important to recognise about this data is that is comes in many shapes and sizes; whether relational data coming from a CRM system, legal documents, web data, or marketing pdfs. Having a system that can process any shape of data is important in bringing silos together and creating a truly 360 degree view of that data. Traditional relational systems will struggle with this variety of data.
Data storage
No longer will firms use their data just to look back at the history. Now it can be used to establish patterns, trends, and predict the future, empowering the organisation to innovate and launch new products. The modern data-centric approach should leverage a technology to integrate full content of all data sets, structured and unstructured, establish relationships between the data sets, annotate it with metadata and make it instantaneously searchable, at less cost. From the cost efficiency perspective, tiered storage is an effective way to significantly reduce your operational costs.
No doubt, gearing up for the GDPR is a priority for many organizations, and it won't be a light lift. Even so, the changes needed for GDPR compliance can turn into real competitive differentiators for organizations moving forward.