How GDPR compliance can ignite Digital Transformation

By Peter Ruffley | 15 August 2017

Over the past decade the vast majority of businesses have invested heavily in collecting reams of customer data; indeed this data increasingly informs every aspect of business strategy. It may, therefore, come as a surprise to many CMOs and CXOs to discover that a number of IT teams are planning to delete vast amounts of this customer information before May 2018. Why? Because they simply cannot see any other way of achieving compliance to the forthcoming General Data Protection Regulation (GDPR).

The problem for IT is that GDPR demands in effect a single view of all customer information – and that means pulling together data from multiple diverse systems, a task deemed too expensive and too complicated to be justified only for a compliance exercise. Yet this single view is something the business has been demanding for years; a trusted, accurate information resource that could and should underpin digital transformation initiatives. So why shy away from this opportunity? Is it just too difficult and expensive? Maybe as an internal IT project using conventional tools and techniques, but cloud analytics experts can quickly combine multiple sources of data and assess its quality and compliance as well as determining if it has intrinsic value to the business.

Customer data value

With now less than a year to comply with the forthcoming General Data Protection Regulation (GDPR), there are worrying signs that organisations are beginning to panic. Coming into force on May 25th 2018, GDPR is designed to empower individuals, putting the customer effectively in charge of his or her information. From strict retention and destruction requirements to a right to be forgotten, compliance can only be achieved if organisations have a complete and up to date view of all customer information.

And this is clearly a concern for IT departments facing the need to consolidate information located across multiple, diverse systems – both corporate and, in the age of Shadow IT, those owned by the end users. With customer information encompassing not only basic contact details but also preferences, interests, shopping and browsing history, as well as segmentation and marketing activity, this information will not only be disparately located but will be stored in different formats and owned by different parts of the business. Using traditional data management technologies, the task of pulling this customer information together into a trusted and accurate single view is simply too complex, too expensive and too time consuming – especially for a compliance exercise considered to be nothing more than a business cost.

Is it any wonder that IT teams are looking at the data resources and beginning to make arbitrary decisions about customer data value? Why retain customer preferences, for example, or marketing history? Such data just adds complexity to GDPR compliance, so why not just retain the basics of identification and purchase history? For the IT team tasked with achieving GDPR compliance, the sheer risk of retaining much of this customer data appears too great – hence the decision to delete. But what about the business owners; the Marketing Director and Customer Experience Manager, the individuals who have carefully crafted strategies based on this critical customer information? What happens in May 2018 when this essential data resource suddenly disappears?

Lost opportunity

This lack of connection between IT and the business information owners is just one more sign that organisations are failing to recognise the implications of GDPR. According to a recent study¹, just 6% of UK firms regard GDPR compliance as a priority; indeed 20% deem the new data protection regulation to be a low priority. Yet failure to recognise the business implications of GDPR extend far beyond potential breach and fines: if business owners do not actively look to safeguard vital information resources today, many IT teams will insist they have no alternative but to delete customer data as the deadline approaches, fundamentally compromising business operations.

The onus is on organisations to determine data value and data quality today. It is more than possible that some of the vast quantities of customer data will not be worth keeping – it could be inaccurate, out of date or simply irrelevant. But who knows? Without a way of quickly and effectively assessing that data, who will take the decision to delete or retain?

And what about May 26th 2018? What happens to the data being collected by sales, marketing and customer service the day after GDPR comes into force? This is not a one off event but a continual process. If the compliance strategy is based on the deletion of all ‘irrelevant’ customer data, to remain compliant the organisation will have no choice but to continue this approach and stop recording any but the most basic customer data. Effectively all the great, data driven project ideas and initiatives of the past decade will be dead.

Taking control

If organisations are to avoid this potential disaster, business and data owners need to be far more proactive and take control of the way in which GDPR compliance affects customer data. GDPR is definitely not simply an IT project – the underpinning data is too business critical for that.

Rather than make this an expensive, long drawn out IT project – the latest generation of cloud analytics can be used to gain an overview of the quality and value of its customer data.

Consolidating these multiple data sources to create a single customer view can be achieved within weeks and provides the essential starting point for GDPR compliance. With a single repository of business data, organisations can see immediately whether that data needs work: From deduplication to deletion or missing data, a rapid data overview provides clarity to an organisation’s GDPR compliance requirements.

This model not only safeguards critical business information and provides a foundation for GDPR compliance, but it can be the basis for effective Digital Transformation. With a single view of every customer, from interests to business interactions, an organisation can become truly data driven, leveraging advanced analytics to improve every aspect of the customer interaction. Furthermore, having proved the value of the single customer view, an organisation can extend the model to join up all business functions, from products to finance or customer service and realise Digital Transformation objectives. With a single operational view, an organisation can adapt to change, look to monetise data, improve efficiency, effectively drive change – all, within a GDPR compliant business model.

Conclusion

The knee jerk reaction of not keeping data in response to the challenge of GDPR compliance could devastate a business. Just consider the massive investment in data made over the last decade that could be thrown away without even understanding the cost; the new data that will never be recorded for fear of becoming uncompliant; and the new systems that cannot be deployed due to the perceived risk of invalidating GDPR related processes. The business will be fundamentally – perhaps terminally – compromised.

GDPR today is being addressed as an IT issue, an IT project. But GDPR is about data – and that data is owned by the business and defines corporate strategy. Now is not the time for organisations to part ways such vital data resources.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development