GDPR: an Opportunity to drive Customer Experience & Create Digital Trust

With consumer data privacy becoming a top priority in the current age, regulating authorities have jumped into the conundrum to ensure that users get the privacy they need for their personal data. One such regulatory authority that has come into the mix to ensure rights for all users online is the European Union. The EU announced the General Data Protection Regulation or GDPR, that will be in full effect by May of this year. Although GDPR may be considered a regional regulation, its impact is far=flung and may be seen across the globe in the coming days. 

While GDPR imposes regulations on many aspects of management and user protection, the main clause of the regulation is that users will now be able to control their own personal data online and organizations will be required to protect the data that users share with them. New protection methods for personally identifiable information or PII gives every EU citizen the right to approve the use of their personal data. Citizens can now allow the use of their data or can opt for the “right to be forgotten” as an alternative. 

The enforcement of the GDPR by the EU will be done through the implementation of a series of sanctions, stiff fines, and compensations. These fines and compensations will range from to two percent of an organization’s revenue or 10 million Euros for minor infractions to four percent of an organization’s revenue or 20 million Euros for major infractions. The amount will be settled on the basis of whichever of the two figures is higher. The regulations haven’t been imposed just for organizations based in the EU, but will also be applied to any organization doing business with EU citizens, regardless of the industry it operates in and its size. 

Competitive Differentiation 

While complying with GDPR regulations is definitely a challenge for all organizations currently operating with EU citizens, success would lie in seeing these new regulations as an opportunity to achieve competitive differentiation rather than just a barrier or a challenge. This presents an exemplary opportunity for organizations to drive digital trust for their brands and ensure that they not only comply with these regulations, but also end up making a mark for themselves in this competitive environment. 

Take organizations like Google, Apple and Microsoft etc. Consumer confidence has always been important for these organizations and they have always operated within law to get customer consent for using their data. This has allowed major corporations to stand out and gain a unique selling point that differentiates them from the others. 

Some organizations have stored tons of customer data for which they did not acquire written consent. This means the data cannot be used for the purpose of analysis after the end of May 2018.

Data management platforms (DMP) are instrumental for digital marketers. These platforms help marketers find high value audience to advertise their products and services. Most of this data is collected by third parties and used by marketers. However, with the general data protection regulation taking effect from May, DMPs will have a difficult time to obtain third party data.

DMPs mostly get their data through cookies and consent isn’t necessarily required to use cookies. However, implementation of GDPR will change this as it demands that personal data, especially data collected through cookies, can only be used after obtaining explicit consent from individuals.

Data collectors are likely to face more legal obligations under GDPR, leaving DMPs to rely more on first and second party data. Use of 3rd party data should be reviewed depending on new GDPR regulations.

Most organizations will have to revert back to the core architecture on how they collect and manage customer data. Businesses would need to switch to a flexible, agile & compliant architecture to manage & analyse real time (customer behavior) data. 

Businesses will need to re-organize the strategy on how to segment their audience if their ability to collect data is limited. While this limitation presents new challenges, it also brings new opportunities for businesses.

Each business will have to find their own way of dealing with the changes in regulation and we are likely to see creative ways to improve the customer experience to get in return the customer’s data. 

Furthermore, business will need to provide improved security features to their give consumers. By giving their users the right over their own data, as suggested by the GDPR, these organizations can assuage the concerns of the customers regarding data theft.

By cashing into this opportunity, you will not only comply with the EU regulations proposed through GDPR, but will also create a unique identity for your brand. 

About the Authors

Bob Nieme

For over 15 years, Bob Nieme has been a Digital Transparency protagonist, being the most essential condition for long term relationships based on trust and mutual interest.In 2014 Bob was recognized as a Privacy by Design Ambassador by the Information and Privacy Commissioner of Ontario, Canada and in 2013 he was admitted to the Advisory Board of the Department of Mathematics and Computer Science of Eindhoven University of Technology. As a Data Science Ambassador, he initiates and supports various start-ups and education programs. Bob Nieme founded 3 leading data-technology companies: Adversitement specializes in data process management, O2MC I/O offers a prescriptive web computing framework,  and Datastreams.io empowers data-driven collaboration by providing governed access to trusted data sources.

Ronald van Loon

Ronald van Loon is, Director at Adversitement, an Advisory Board Member and Big Data & Analytics course advisor for Simplilearn. He contributes his expertise towards the rapid growth of Simplilearn’s popular Big Data & Analytics category.

If you would like to read more from Ronald van Loon on the possibilities of Big Data and the Internet of Things (IoT), please click “Follow” and connect on LinkedInTwitter and YouTube.

Views: 1828

Tags: Customer, Experience, GDPR, Privacy


You need to be a member of Data Science Central to add comments!

Join Data Science Central

Comment by Vincent Granville on March 14, 2018 at 6:00am

Great article Ronald!

I think this is more a perception issue (public relations), and yes, an opportunity to create trust and compete against other companies that may abandon the EU market or refuse compliance, as well as find creative ways to analyze data.

But GDPR is a big document full of contradictions, a document designed by lawyers with no knowledge about how the Internet works, and full of logical fallacies. For instance you must keep track of visitors for security purposes, to identify and report hackers. Will the NSA be fined for not complying? Is GDPR in conflict with US laws regarding data security? Any time you visit or hit a US website, you should be under US legal jurisdiction, wherever you actually reside. Just like when you travel in (say) France and you are a US resident, you are subject to French regulations when in France. Another logical flaw: If you want to block traffic from EU, in order to do so, you must collect some info about the visitor (be it a robot or a human) to identify her as an EU resident. Thus you could violate GDPR just by blocking EU traffic. Yet if you accept unsolicited EU traffic to your website, you may still be liable if you have no desire to be GDPR-compliant. What about UK, after the Brexit? If your website is in English and English is no longer an official language of EU (except for Ireland) it is almost like saying that your website is not meant for EU residents. What about an individual in US receiving an email from his brother in Belgium? Are you also subject to a $10,000,000 fine for permanently keeping the messages in your mailbox, which contains private data about the senders?

Obviously EU does not have the resources to enforce GDPR for the vast majority of people and companies. This is why I believe it is a perception issue, more than a legal threat (except for big data aggregators like AWS or Facebook.) Eventually no one will talk about it when it settles down. It reminds me the HTTPS issue when Google Chrome forced all websites to be secure, by penalizing the rankings of non-compliant websites in Google search and displaying a warning on Chrome such as "this is not a secure website." Nobody still talk about it nowadays.

It would have been much better and easier for the EU to block any website that they don't like (whatever the reason), just like it is being done today for websites catering to terrorists or pedophiles. Or just like Russia and China do. The way EU is handling it makes them appear as a mob, trying to get money from anyone any way they can. Viewed from the other side of the Atlantic, EU, one more time, appears as a dying patient whose cancer is bureaucracy.

A potential side effect is an increase in prices of products and services offered to EU residents, that could overshadow the benefits of GDPR, as companies will shift the expense burden onto customers.

My 2 cents. 

© 2021   TechTarget, Inc.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service