Turn the GDPR into a Carrot—Not a Stick

Stay Connected

Blog updates via Email

In a few months, the EU General Data Protection Regulation (GDPR) will come into force, overhauling how organizations around the globe handle personal information. When this happens, businesses will have a choice: to treat the GDPR purely as a technical compliance matter or embrace it as a customer relationship opportunity.

What is the GDPR? If you missed the memo, it’s a data protection law that the EU’s GDPR website says is designed to “harmonize” data privacy laws across Europe, as well as grant greater data protection and rights to individuals. The law will go into effect on May 25, 2018 and will be enforced by national data protection authorities.

The GDPR contains strict rules governing how organizations collect, process, and manage individual data of EU citizens, regardless of where in the world their data is being used or stored. The new regulations include changes in the following business practices:
  1. Consent:
    When asking customers for permission to access their data, companies will no longer be able to use long illegible terms, bundle permissions, and other practices. The request for consent must be given in an intelligible and easily accessible form in addition to an explanation of how the data will be used. It must also be as easy for customers to withdraw consent as it is to give it.
  2. Profiling and marketing
    Customers will have the right to opt out of any form of automated profiling and marketing, which impacts everything from CRM databases to programmatic advertising.
  3. The right to be forgotten
    In addition to opting out of profiling and marketing, customers can request that all of their data is erased.
  4. Accountability and compliance
    Companies covered by the GDPR will be accountable for how they handle people's personal information. As a result, companies may have to create customer data protection policies, appoint customer data protection officers, and provide documents on how customer data is processed.
  5. Data portability
    Customers will be able to request a copy of their personal data in a machine-readable format and share that data with other companies.

Like a tornado that threatens to upend everything in sight, the new law has huge implications for businesses. Those that fail to comply with these regulations could face fines of up to €20 million ($24 million) or 4 percent of annual global turnover, whichever is greater. Companies that lose large portions of their customer data could also see higher acquisition costs, while retention and profits plummet.

On the other hand, these changes force companies to focus on the quality of their relationship with customers. Organizations that give little thought to whether they’re giving their customers value will be penalized. A classic example is permission requests on mobile apps. Many companies ask for more customer data than they need or fail to explain how sharing the benefits of big data to the user.

Iain Banks, vice president and EMEA client partner at TTEC, faces this challenge daily. “You can't just rely on technology anymore, you should look beyond this and know what each consumer wants,” he says. “What we need to see in the future is a union between technology and humanity, a balance between the two that creates seamless integrations across channels. Businesses need to bring personalization to the forefront of customer experience.”

Superior companies will view these regulations as a stepping stone to forging long-lasting relationships. In addition to being compliant, they’ll give their customers a compelling reason to share their data and ensure it’s updated.

This isn’t to say that being compliant will be easy or that business lines won’t be disrupted. What matters is how businesses respond to the GDPR. Those that treat the new law as a stick may survive, but those that consider it a carrot to forming better customer relationships will thrive.