As a result, legislators have realised that rights for consumers needed reviewing and new obligations for businesses introduced.
Because of this, and the ever-changing landscape of data usage, major changes in the way companies in the EU manage Personally Identifiable Information (PII) have been agreed upon under the General Data Protection Regulation (GDPR), which will come into force on 25 May 2018.
Companies have so far spent an average of £1.3m getting ship-shape for GDPR.
Underwriting this cost is an understanding of the advantages being GDPR-ready can bring, rather than simply a regulation that comes with a cost, and is a chance to use GDPR positively for both consumers and to better understand the data landscape.
1. Consumer protection
It is widely recognised that customers’ personal data must be given greater protection than existing regulation has previously allowed for.
GDPR ensures this higher degree of protection, while giving customers much greater control over the way their data is stored by businesses. Recent significant data breaches serve only to remind us that organisations must start to take the security of their data extremely seriously.
July 2017 saw 700,000 people exposed in the Equifax data breach, compromising an enormous amount of highly sensitive personal data.
The level of protection afforded to customers' data from GDPR will certainly help to prevent data being used in fraudulent activities.The additional security measures that are enforced under GDPR reduces the likelihood and severity of a data breach, and makes data much more difficult to access in the event of a cyber-attack.
Recent breaches of trust by Facebook have severely affected investor confidence – its share price tumbled by 5.2 per cent after a class action lawsuit was filed in federal court.
Arguably, had a regulation such as GDPR existed, Facebook would have had a much clearer obligation to flag the original data breach back in 2015 and millions of users’ data would have been better protected. The level of protection afforded to customers' data from GDPR will certainly help to prevent data being used in fraudulent activities.
2. Improved analytics and increased insight
Firms should see compliance not as just a cost, but as an investment into the capability and competitive advantage of the business.
New regulation will encourage firms to consolidate personal data into unified platforms for location and reporting purposes.
Once the correct infrastructure is in place, the data will not only be stored more securely but will also be more accessible.
This data can then be used by businesses to better understand customers’ behaviour and make strategic decisions.
Not only this, it will make sure that services and products meet client needs efficiently and effectively. A wealth advisory firm, for example, will be able to offer products that better meet their customers’ needs once they know more about them, their behaviour, spending habits, and the stage they are at in their lives.
3. Employee engagement
One of the more unexplored opportunities GDPR brings to the table, is the chance to improve engagement amongst the different silos of a business and bring a holistic approach to all processes, both internally and externally.
By bringing in employees who traditionally work across the ‘front line’ of the business, and who fully understand how valuable customer data can be, such individuals will become empowered and fully integrated within the core capabilities of the businesses.
To be effective in data management, businesses must trust, and recognise, that employees across the whole business play an integral role.
Those who realise this competitive advantage will put themselves streets ahead of their competitors.
4. Operational efficiencies
GDPR represents an opportunity for valuable business investment in areas that may have been previously overlooked.
Investing in these areas and improving operational efficiencies, while having a handle on compliance matters, could save companies £2.3bn a year, according to the European Commission.
Improved operational efficiencies will help businesses to understand their customers at a higher level, allowing needs to be met in a much more efficient way.
Establishing a culture where a company can begin to appreciate and respect the possibilities of understanding data fully will not only help self-guard data, but encourage businesses to cultivate it to their own advantage.
Furthermore, and contrary to some popular opinion, companies may not require an obscene IT infrastructure spend to comply with GDPR. Businesses need only to scope out their requirements first, then look at the necessary technological transformations (with corresponding business cases) rather than the reverse.
5. Creating a return on investment
Once a company has the correct governance and infrastructure in place, as required by GDPR, the data it holds will be of greater quality, allowing for the use of analytics to create revenue building opportunities.
The resulting and significantly superior insights a business will have through using analytics, will increase the efficiency of the business and the effectiveness of its activities, allowing greater revenue to be generated.
Businesses must seize the opportunity to be seen as forward thinking and compliant once GDPR comes into force later this month.
The chance to move ahead of their competitors and understand their customers' behaviours is invaluable, and those firms who don’t are likely to be left behind.
Ruaraidh Thomas is managing director of applied analytics at DST Systems
