May sees the arrival of the much anticipated General Data Protection Regulation (GDPR). Much has been made of this new legislation, and in the months preceding its advent there has been considerable speculation, hype, and to some extent scaremongering regarding what it means for businesses.
What is GDPR?
The General Data Protection Regulation is an EU law that will replace existing data protection laws across all EU countries (including the UK) from May 25. It is also confirmed that the UK is planning on adopting GDPR after Brexit with its new data protection bill.
In a snapshot, GDPR will require any company doing business with customers in the EU to prove that they have a valid lawful basis to process personal data and that they have in place adequate processes to manage and protect this data.
GDPR is important because it improves the protection of data subjects’ rights and clearly outlines what companies that process personal data must do to safeguard these rights. While personal data has been protected by numerous laws across different countries, the laws in the EU have been disparate and levels of enforcement have varied. GDPR will change that. With newly centralised requirements, increased breadth of application, and higher potential fines, companies will have to be more focused on how they collect, store, and use personal data.
Will GDPR = General Disaster (for) Personalised Relationships?
As a large portion of CX programmes use surveys to gather customer feedback, including the personal data of consumers, many customer-centric organisations will be subject to GDPR.
As part of its requirements for data collection and processing, companies will need to be accountable for how they process information and hire dedicated data protection officers to safeguard the personal information of EU consumers. Customers will also gain more control over their relationships with the companies they interact with. GDPR will establish across the EU a consistent right to access, update, and remove the data that businesses hold on them.
The complexity of the new requirements have rung alarm bells for many over the continuing success of CX programmes. After all, good CX practices rest on access to customer data.
Turning GDPR into a positive opportunity for CX
So will GDPR and CX work hand in hand? In short, yes. In fact, GDPR is a great opportunity for organisations for the following reasons:
- Establishing transparency and trust with customers: under GDPR, customers will have the right to know exactly what personal data is collected by companies they interact with, and how those companies use that information. Many companies are embracing this as an opportunity to establish a new level of trust with their customers, creating a huge opportunity for companies to make their businesses more customer-centric.
- Broader awareness of privacy rights: with all the attention toward GDPR, employees across all parts of a business are paying closer attention to honouring customers’ privacy and data rights. With this wider understanding, companies will be better positioned to create experiences that establish trust with their users.
- Designing products from the user’s point of view: GDPR requires companies to take into account a user’s privacy rights from the outset. With this focus, data protection and user trust will be core considerations for the Customer Experience.
Whilst changes do need to be made to the way in which organisations manage customer data, one thing is absolutely for certain – if handled well, GDPR needn’t be a bad thing for CX programmes. The principles of GDPR mirror those of a good CX programme: customer-centricity built on transparency, trust, and respect applied to company operations. Rather than seeing this as yet another compliance initiative, this should be viewed as an important stride forward to building a customer-centric culture across the business world.