With now less than a year to comply with the forthcoming General Data Protection Regulation (GDPR), there are worrying signs that organisations are beginning to panic. Coming into force on May 25th 2018, GDPR is designed to empower individuals, putting the customer effectively in charge of his or her information. From strict retention and destruction requirements to a right to be forgotten, compliance can only be achieved if organisations have a complete and up to date view of all customer information.
And this is clearly a concern for business owners and IT management facing the need to consolidate information located across multiple, diverse systems – both corporate and, in the age of Shadow IT, those owned by the end users. With customer information encompassing not only basic contact details but also preferences, interests, shopping and browsing history, as well as segmentation and marketing activity, this information will not only be disparately located but will be stored in different formats and owned by different parts of the business.
Using traditional data management technologies, the task of pulling this customer information together into a trusted and accurate single view is simply too complex, too expensive and too time consuming – especially for a compliance exercise considered to be nothing more than a business cost.
Is it any wonder that IT teams are looking at the data resources and beginning to make arbitrary decisions about customer data value? Why retain customer preferences, for example, or marketing history? Such data just adds complexity to GDPR compliance, so why not just retain the basics of identification and purchase history? For those in IT tasked with achieving GDPR compliance, the sheer risk of retaining much of this customer data appears too great – and many maybe considering the decision to delete.
But what about the business owners; the marketing director and customer experience manager, the individuals who have carefully crafted strategies based on this critical customer information? What happens in May 2018 when this essential data resource suddenly disappears?
Lost opportunity
This lack of connection between IT and the business information owners is just one more sign that organisations are failing to recognise the implications of GDPR. According to a recent study, just six per cent of UK firms regard GDPR compliance as a priority; indeed 20 per cent deem the new data protection regulation to be a low priority.
Yet failure to recognise the business implications of GDPR extend far beyond potential breach and fines: if business owners do not actively look to safeguard vital information resources today, many in IT will insist they have no alternative but to delete customer data as the deadline approaches, fundamentally compromising business operations.
The onus is on organisations to determine data value and data quality today. It is more than possible that some of the vast quantities of customer data will not be worth keeping – it could be inaccurate, out of date or simply irrelevant. But who knows? Without a way of quickly and effectively assessing that data, who will take the decision to delete or retain?
And what about May 26th 2018? What happens to the data being collected by sales, marketing and customer service the day after GDPR comes into force? This is not a one off event but a continual process.
If the compliance strategy is based on the deletion of all ‘irrelevant’ customer data, to remain compliant the organisation will have no choice but to continue this approach and stop recording any but the most basic customer data. Effectively all the great, data driven project ideas and initiatives of the past decade will be dead.
Taking control
If organisations are to avoid this potential disaster, business and data owners need to be far more proactive and take control of the way in which GDPR compliance affects customer data. GDPR is definitely not simply an IT project – the underpinning data is too business critical for that.
Rather than make this an expensive, long drawn out IT project – the latest generation of cloud analytics can be used to gain an overview of the quality and value of its customer data.
Consolidating these multiple data sources to create a single customer view can be achieved within weeks and provides the essential starting point for GDPR compliance. With a single repository of business data, organisations can see immediately whether that data needs work: from de-duplication to deletion or missing data, a rapid data overview provides clarity to an organisation’s GDPR compliance requirements.
This model not only safeguards critical business information and provides a foundation for GDPR compliance but it can be the basis for effective Digital Transformation. With a single view of every customer, from interests to business interactions, an organisation can become truly data driven, leveraging advanced analytics to improve every aspect of the customer interaction.
Furthermore, having proved the value of the single customer view, an organisation can extend the model to join up all business functions, from products to finance or customer service and realise Digital Transformation objectives. With a single operational view, an organisation can adapt to change, look to monetise data, improve efficiency, effectively drive change – all, within a GDPR compliant business model.
Conclusion
Any decision not to keep data in response to the challenge of GDPR compliance could devastate a business. Just consider the investment in data already made that could be thrown away without even understanding the cost; the new data that will never be recorded for fear of becoming non-compliant; and the new systems that cannot be deployed due to the perceived risk of invalidating GDPR related processes. The business will be fundamentally – and forever – compromised.
GDPR is about data – and that data is owned by the business and defines corporate strategies. Now is not the time for business owners and their IT team to part ways such vital data resources but seek the opportunities that GDPR can offer.
Further reading on GDPR
