If you’re looking at GDPR as a mountain to climb, you’re not alone: the Financial Times reports that, “Members of the Fortune 500 will spend a combined $7.8bn to avoid falling foul of Brussels’ General Data Protection Regulation (GDPR), according to estimates compiled by the International Association of Privacy Professionals (IAPP) and EY. This equates to an average spend of almost $16m each”.
Unless you’re a corporate giant, that’s unlikely to be the sort of bill you face – thank goodness – but GDPR compliance is certainly a challenge, especially when you factor in the one-off effort required to achieve and demonstrate compliance by May 2018.
Can anything good come of this effort?
Of course, we’re all consumers as well as business owners, and it might be a crumb of comfort to know that businesses are collectively shouldering the burden of creating a better data environment for us all. And it’s a level playing field: chances are your competitors are under the same pressures as you.
But compliance is also always a chance to run a better business all round, and smart businesses are extracting opportunity from the Herculean efforts required. Here are four ways in which you can benefit.
Get your technology together.
Many businesses are investing in technology (data storage, database services etc.) to solve their GDPR problems. But GDPR is a one-off opportunity to assess your IT from end to end. Most businesses have a hotch-potch of piecemeal solutions accumulated over the years, so GDPR is the ideal chance not just to become compliant but also to deploy technology which will allow you to become a more efficient and productive business.
If you are investing in IT to solve GDPR, ask whether you could also meet new client needs, build new products or optimise your operations at the same time. GDPR is so far reaching that the answer to at least one of these questions is likely to be ‘yes’.
Use GDPR in your customer communications.
You’ve put effort into compliance, so you have the right to shout about it. Explain the work you have done to your customers and it will present you in a positive light. Of course, everyone should be GDPR compliant, and you might think that this therefore has limited value, but by using it as a springboard to evangelise about your customer commitment, it can be hugely valuable. For example:
- “We’re now GDPR compliant…” is boring.
- “As part of our GDPR compliance activities, we have refreshed the technologies and processes we use to protect your data, and I wanted to write to you to underscore our commitment to your security…” presents you as the hero!
Fundamentally, GDPR compliance creates trust, a commodity valued by customers. It would be a shame not to capitalise on it.
Incentivise your team.
We saw above that GDPR is going to put new burdens on what is probably already stretched technology infrastructure, and this is therefore an opportunity for a refreshed approach. You can substitute “people” for “technology” and get the same argument.
It is in fact unlikely that businesses will experience a sudden torrent of data removal requests, but improving ongoing processes for continued compliance with the letter and spirit of the law after May 2018 will mean new burdens on some of your staff.
Either you can hope they’ll go the extra mile alone, or you can revisit your employee engagement and incentivisation strategy. What value do precision, care and completeness have to your business and front-line delivery team? Is data protection part of the natural flow of customer service?
If not, consider whether you need more resources (headcount or on-call assistance) to get by, and how you might nudge people to prioritise it in their daily lives.
Rethink your marketing.
Nobody likes spam emails, spam phone calls, spam text messages. If your marketing is looking wobbly because you’ve depended on techniques which are either dubious or at best unwanted, it’s time to become a more effective and professional company by revising it. The Privacy Trust says, “GDPR should make you stop and consider exactly why you’re requesting personal data from potential customers.
If the marketing strategies you’ve employed in the past through use of that data haven’t worked, try something completely different, that doesn’t require so much customer data. This different approach is something that could very well appeal to more of your customers and achieve a greater response”.
Similarly, customers who have not demanded that you delete their data, and/or who have opted in to your marketing, are people with whom you now have a confirmed relationship. They are open to contact, and you can now use that relationship – carefully! – to nurture new sales and upsell opportunities.
All of these come down to the same principle: if you’re already going to put time, effort and money into a wholesale restructure of the way your business operates, you should extract the maximum value by revisiting all your processes along the way.
For more details and to find the course package that best suits your organisation, click here.