There is just one year to go until the European Union's General Data Protection Regulation (GDPR) becomes law, and most companies have started their journey towards compliance. But it would be fair to say that the majority are struggling with it.
They're mainly struggling because of their approach. Those that approach the journey from a compliance perspective are struggling to convince the business owners to support the change as they cannot see the value. Those that approach it from a technology perspective end up creating data lakes that don't get filled. “Portfolio” approaches – ie those that attempt to combine multiple smaller pre-existing initiatives – lead to a fragmented outcome and uncertainty about compliance.
A better approach is where you drive the changes through customer journeys and business processes. This develops a risk-based approach as you work through the customer/business/citizen journeys that capture and process the most personal data. This is also true for business processes that capture the most personal colleague data.
As you drive a multi-disciplinary team that is empowered to make decisions through these journeys and processes you start to spot opportunities to change the conversation. To move it away from simply a compliance exercise to seek out more effective ways to interact with your customers and colleagues. You also spot opportunities to reduce complexity and costs – examples of which are highlighted in the table:
Focusing on these opportunities means that instead of the GDPR journey being a burden, it's an opportunity to make changes that deliver customer and business value. For instance, de-duping data improves data management; risk management enhancements create more value around data sharing and better data governance allows more value-based investments in data.
Ultimately, you are at the whim of your customers, more so now than ever before: under GDPR; they will own their data which happens to be stored in your organisation. Accepting this new dynamic with customers means a new way of thinking about the relationship, and trust. While a majority (85 percent) of companies believe that greater transparency builds stakeholder trust, only 42 percent of business leaders see transparency as an opportunity. Brands can build trust with their customers and colleagues by establishing a clear data framework where the individual feels the organisation has secured their data and will use it for purposes that deliver value back to them.
Of course, the GDPR journey is not just about opportunities, it is about mitigating risks. A lot of the headlines grab the attention with the high levels of fines up to four percent of group turnover – but the bigger issue is business continuity. Imagine you are prevented from processing your data because of a breach which may essentially shut down parts of your business while you resolve the problem. This could be much more costly in terms of revenue impact and reputational damage than the fine.
The risks alone aren't enough to make the GDPR journey fruitful. To have a successful programme, businesses need to see the opportunities. Without those, there's no real mandate to make the changes.
Contributed by Nick Taylor, managing director, Accenture Strategy
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.