GDPR: Beyond Compliance

On May 25th the EU General Data Protection Regulation, also known as GDPR, will come into force. In an increasingly interconnected and digital world, the regulation is designed to protect and give European citizens more control over their personal data while harmonising data privacy laws across its member countries.

In today’s globalised context, GDPR calls for businesses to rethink the way they approach and deal with people’s sensitive information. A rush towards compliance is a natural and dutiful response by businesses. Beyond a bureaucratic burden, GDPR is first and foremost an opportunity for individuals and companies to reshape their relationship to their personal data.

From May 25th onwards, European citizens have the chance to become empowered agents when it comes to the content and usage of their personal data.

Under GDPR, individuals will now be able to demand full transparency over their data. The right to data portability (Art. 20 GDPR) is probably among the most important articles of the upcoming regulation and allows individuals to obtain and reuse previously shared personal data for their own purposes across different services. At the same time, individuals will benefit from the “right to be forgotten” (Art. 17 GDPR) which provides consumers the opportunity to erase all the data shared during previous interactions.

With an increase in digitally cautious consumers, especially among the younger generation of Digital Natives, these regulations set the ground for an improvement in the perception of public institutions by the citizens. At the same time, as we discovered during a study Claro conducted around Digital Natives in financial services, GDPR provides individuals the level of control and independence they strive for when switching across different products, services and life modes.

In this reconceived legal structure, tremendous opportunities arise as well for businesses both big and small. Companies, for example, that have the skills and resources to store, manage and protect large amounts of data will see their businesses grow by providing these services to those whose economics do not allow for it. At the same time, start-ups will see legal barriers significantly reduced when expanding in the European economic zone.

The push for “privacy by design” brought forward by GDPR forces businesses to reflect on the value of personal data from day one and calls on them to defend it homogeneously across borders. When organisations positively embrace this change in mindset there is large scope for them to (re)gain trust and reputation with consumers.

As discovered during one of our projects, trust is key to playing in today’s technology environment. By sharing their personal data, individuals open up their world to service providers and they expect to be protected. Trust is a relationship. Organisations cannot simply manufacture or advertise trust; they have to genuinely build it. If people know that the company behind the technology also has a shared responsibility and interest in minimising the risk of misuse of personal data, they become more open and willing to trust it. This is why, it might be argued, GDPR should be embraced by every organisation at a global scale regardless of a consumer’s nationality. Trust is a shared value and organisations must put it at the top of their priority list.

The greatest gift that the upcoming regulation provides companies is the opportunity to become more human-centred. When citizens turn into empowered agents who have control over their personal data by default, companies have a duty to empathise with them, respect them and design services that better meet their functional and emotional needs. Such needs can only be understood and harnessed through a human-centred research approach.

GDPR is not about reducing the amount of data shared. Rather, it is about providing better services for the individual that they can believe and trust in, to enable continuously improved services that can benefit their lives.

GDPR is not even a mere list of rules to comply with.

GDPR is the first step towards reshaping the way we create dialogue in a consumer-centric world of trust, transparency and control. We believe that those who understand it and act upon it will be the winners.

May 18, 2018