GDPR Security

If you are responsible for Information Security within your organization, you have probably started to receive a lot of sales messaging from companies selling services aimed at compliance with the new European Data Protection Regulations (GDPR), coming into force in May 2018.

A lot of that messaging is focused on fear and compliance, and whilst that is not surprising given the impact of the new powers regulators will have to fine companies, I personally don’t see the new regulations in the same way.

Big Data and GDPR

The volume and type of data collected is growing at a staggering rate, with Accenture estimating that by 2020 each consumer will have a digital shadow of 2.5GB of personal data. With such volume, I doubt anyone would disagree that measures to control companies' use of such data are a positive step in our increasingly digital economy. However, on first inspection of the new regulations, with their significant fines, 72-hour breach notification criteria and expanded definition of personal data, together with the truly global implications of the GDPR, you can’t blame people for using the fear tactic to drum up some sales.

But there is another way to think about this. What if we used the GDPR as an opportunity to improve customer experience, build trust and create a competitive advantage?

CX & the Privacy-Personalization Paradox

Customers are demanding more personalization and a better experience, both through their online transactions and through their growing use of smart technologies, often trading personal data as currency in these transactions. But at the same time, there are increasing concerns about the security and use of that data, with a survey from Forrester revealing that 33% of consumers have cancelled a transaction online because of privacy concerns. So, on the one hand we will happily allow an application to track our daily run, but feel uncomfortable about using another to buy a shirt.

This has been referred to as the privacy-personalization paradox.

This is where I believe GDPR, and other privacy and security regulations, can actually help. These regulations will drive organizations to become more open and transparent in the way in which they deal with the personal data they need to collect. For example, Article 5 of the GDPR requires that personal data shall be “processed lawfully, fairly and in a transparent manner”, and the GDPR sets out how companies need to let customers know what they are doing in a concise, transparent and unambiguous way.

While the GDPR may look like a burden, organizations that treat it as an opportunity have much to gain by showing consumers their data is respected, protected and used wisely to provide a more tailored experience.

If you’re interested in learning more about tailoring customer experiences, contact one of the team today.

Ben Skuse
