GDPR: where there’s risk, there’s reward
Making changes to your business to meet the GDPR requirements is an expense, that’s true. But the risks of not complying with the mandates are serious, from fines to negative PR. Can you prove that you have appropriate and adequate controls in place to manage personal data? If not, you’ll need to get organized, and if (or when) the GDPR regulations change again, you’ll need to be flexible enough to keep your operation compliant.
The financial cost of being non-compliant may be up to twenty million Euros or 4% of your annual revenue. And once an organization is fined it will be scrutinized more carefully going forward. If you are found to be out of compliance, your reputation will likely suffer. The press won’t hesitate to report on your misfortune, and if the press is interested, you know your customers will be even more so. No one wants to do business with a company that can't handle their customers’ data correctly. Imagine how you would feel if it was, for instance, your bank accused of non-compliance: if you can't trust them with your data, how can you trust them with your money?
Customer data is valuable to you and data privacy is important to your customers. The GDPR is taking steps to protect both. If you have an infrastructure that provides consistent, timely and professional processes with low customer impact, you will improve the customer experience (CX)— and your reputation. So why not look at the GDPR as an opportunity to differentiate your organization? After all, if the customer trusts you with their data, they’re more likely to trust you with their money. So what steps do you want to take?
Golden Record & audit trail are key
Customer data is collected throughout the customer’s journey with your business; through discovery, evaluation, purchase, and experience of the product or service. No matter how you got their data, you don’t actually own it, the consumer does. As such, they have the right to know what data pertaining to them has been stored in your company's systems—all of them, and they have the right to have that data changed or updated. Do you know where all your customer data is? The advent of GDPR means it’s time to find out.
The first step is to profile the data so that you know what you have and of what it is comprised; its makeup and quality. Then cleanse the data to resolve the issues you’ve identified and standardize it into a consistent format. Once that’s done, you will want to consolidate it all, at which point it’s time to match and de-duplicate the data. That, in short, is how you create a single customer view, containing a Golden Record of each individual.
It’s always a good idea to leverage additional data sources once the data has been consolidated. For instance, you can add transactional information from the Call Center, or import external information like a credit check or a national change of address. The more information you append, the more comprehensive a view you will have of your customer. Some information will even reduce risk for your organization, for example, screening customers against sanction lists.
Solutions for data management, like the one Quadient offers, also need to provide security so that you can identify the specific individuals who are allowed to view, edit, remove, or export data, along with an audit trail which logs every modification. You want to be able to explain activities performed on Golden Records; what was this customer being searched for, was the data edited or exported or removed? A proper solution provides a complete log file of what’s been done with, or to, your customers’ data.
These are the steps in a nutshell towards a GDPR strategy that cuts both ways. To explore this topic further we invite you to download this free white paper: “GDPR: Where there’s risk, there’s reward”.