The last time data regulation was introduced we were averaging less than two hours a day connected to the web, today, we average over 22 hours.
Back then, the vast majority of data usage was transactional; used to improve business processes, create multichannel marketing, drive out cost and generally make it easier for consumers to interact with business. Provided that sensitive personal data was properly secured then all was OK. But as time as gone by, the type of data created, and what is done with it has changed dramatically.
The rise of a smartphone constantly connected to the web has meant that consumers are sharing an order of magnitude more of personal data than ever before. And that data is increasingly highly contextual (where they are, when and with who) as well as highly specific (what they’ve done, doing and looking to do).
Add to this the radical way in which data can be processed. Cloud computing and mind-bendingly smart algorithms make it possible to process data and trigger decisions in far less time than it takes to blink.
The data that’s gathered about us is more comprehensive and accurate than ever before which means that risk of harm to the consumer, if the data is mishandled or misused is correspondingly great. And so, like with electricity and motorised transport before it, regulatory steps need to be taken to create enforceable standards to ensure usage is “safe”.
And this is the focus of the majority of GDPR programmes in organisations across Europe today - how to ensure the business is “safe” and data processing compliant. However, whilst this will keep you off the regulator’s naughty step, it will also condemn you to delivering a terrible customer experience.
This is because sitting at the heart of GDPR is the idea that customers should know what data organisations collect about them, what they do with the data and who they share it with, and that customers should have to consent for their data to be used in this way. This forces organisations to be transparent, for the first time, about what customers already suspect – that their data is used disproportionately to create value for the business and not for them.
The most difficult GDPR requirement
Getting consent from customers to use their data in ways they can’t see the value in might be the single most difficult requirement that GDPR demands. And without consent, organisations will be limited to providing bare bones services and nothing much more.
So (after data compliance) successfully capturing consent becomes the however-much-your-business-is worth dollar question.
The consent challenge breaks down as:
a) How to engage customers in a conversation about their data (which, given normal people have far better things to than talk about data, needs careful exploration); and then
b) Convince them that because their data to used in ways that creates real, tangible value for them, that they should...
c) Consent to it being used.
As you’ll have noticed, these abc’s are the same for selling anything successfully a customer:
a) Work out the best moment to interact;
b) Give them a reason to engage where the value equation is in their favour; and
c) Make it easy for them to act.
What’s critically different in this post GDPR-mandated transparent world is step ‘b’: how to create a value proposition that is clearly leveraging customer data for the user’s benefit?
Now that the compliance challenge has been rearticulated as a marketing and proposition challenge it becomes much easier to solve – provided you can engage whatever marketing and product capabilities you have to solve it.
Through these new consent experiences, GDPR will force a more transparent value exchange with customers and, hopefully, create a world where organisations compete on the basis of education, empowerment, convenience, trust and value rather than ignorance, inertia and caveat emptor.