Flipping governance: How an outside-in perspective on GDPR can differentiate your brand
The below is a guest blog post from Craig Wentworth, Principal Analyst at MWD Advisors. Craig lends his commentary about the topic of GDPR compliance and what it can do to transform your business and help build a solid relationship with your customers. For the majority of companies that just went through GDPR compliance, we aim to bring you ways you can use this exercise to steadily increase communication with your customers, foster a strong relationship with them, as well as build trust. We also encourage you to delve deeper into this topic through our recent IT Strategist's Guide to Transforming ECM.
The recent General Data Protection Regulation (GDPR) is designed to grant EU citizens new rights over the control and processing of their personal data. However, if you look beyond issues of basic compliance, and embrace GDPR’s ethos of privacy by design and default, your organization can use the momentum to move to a higher plane of data governance, ethics and transparency. That’s a foundation upon which you can establish a much more trustful and engaging relationship with your customers – where good data ethics are good for business, and demonstrating them can differentiate your brand.
The road to achieving a basic level of GDPR compliance is paved with requirements for organizations to catalogue the personal data they hold. They need to:
- Know what it is, where it is, and put it under protective management
- Identify and certify the users it entrusts to access that data – determining what’s necessary, when, and by whom in order to execute specific processes
- Design and enforce a data governance framework, with processes that satisfy requests from data subjects, audit requirements, and breach notifications
This may sound rather heavy on the obligation side, but if you’re able to embed good data ethics into the culture of your organization; then the effort you’ve gone through to get you there will pay greater dividends than simply a good night’s sleep. If you’re going to do it anyway, you might as well go all-in and leverage obligation into opportunity.
Why? Well, if you are acting as a responsible steward of your customers’ personal data, then it can set the tone for a re-engagement and a re-boot of the relationship; one now grounded in demonstrably sound data ethics, transparency, and respect. Explain the affordances of sharing and processing certain personal data such as what’s it in for whom (better personalisation for customers, tighter segmentation for you) and why.
Don’t just view GDPR communications as a way of asking permission to continue treating customers the way you always have. Instead, you can differentiate your attitude towards your customers, their data, and carve out a new relationship.
Building trust through transparency
Modernizing policies to drive data literacy across the organization will take tools, talent, creative thought, and critical analysis of how the changing data processing landscape is likely to evolve. However, the processes these policies inform will enable a company to reap the benefit of a ‘transparency premium’ as increasingly data-savvy customers subject their service providers to ever greater levels of scrutiny.
This transparency, and outward clarity as to the use of personal data, comes from applying an ‘outside-in’ design thinking approach to data governance. No longer is it born of a “what do we have to do to comply?” mentality. Instead, ‘flipped governance’ provides the impetus to ask “what can we do to engender trust?” and “what’s in it for the customer?” linking high quality digital experiences to high quality corporate governance.
"Bake" compliance into existing processes
Nevertheless, nobody said it was going to be easy. Most likely, any initiatives designed to drive new customer experiences based on an improved relationship with personal data will be led by executives with the responsibility for customer relationships; not those responsible for regulatory compliance.
This underlines why good data literacy needs to be pervasive across the organization, and why product/service development processes need to embrace GDPR’s principles of privacy by design and default. In this way, compliance isn’t treated as a test to be passed – instead, it’s baked into the way things already are. When data governance is everybody’s responsibility, it starts to become an invisible component of the way an organization does business.
Like the best ways of delivering great customer experiences, strong data governance helps flip perspectives and design from the outside in. The same is true of making good data privacy, ethics, and transparency a brand differentiator – flip it! As a customer, how would you like the companies you deal with to treat your data? Balance that equation, and you’ve successfully navigated the path from data toxicity to transparency and trust.
And you’ll have brought your customers with you.
About MWD Advisors:
MWD Advisors is a specialist technology advisory firm that shows how digital technology changes work; helping today’s innovation, architecture and technology change leaders accelerate their success and manage risk. Our approach combines flexible, pragmatic mentoring and advisory services, built on a deep industry best practice and technology research foundation.