GDPR: The perfect tonic to reinvigorate your business

What GDPR means for customer experience and how to leverage it to create competitive advantage.

What is GDPR and why does it matter?

If GDPR (General Data Protection Regulation) hasn’t featured high on your radar by now, it should do.

It’s the largest shake-up to data protection legislation in the last 20 years, and will impact you, not only as a consumer, but also in the business you work in. Business owners up and down the country are currently scratching their heads as they attempt to unravel what the changes mean to them. 

If you think it doesn’t affect you, think again. With few exceptions, if your business handles “personal data”, you need to meet the GDPR requirements by May 2018. And there are some eye-wateringly hefty fines for non-compliance. Companies can’t afford to take risks in this area.

However, we believe the GDPR actually gives businesses the opportunity to take a fresh approach to data. It’s a chance to wipe the slate clean and start afresh, and in doing so deliver a far superior experience to their customers and prospects.

Bad data means bad customer service

People are more willing than ever before to exchange their personal information for a better customer service. But they also have a more heightened awareness and sensitivity to inaccuracies and misuse of data. Even something seemingly small, like addressing an email to the wrong person, will have a negative impact on your brand. An Experian report found that 72% of businesses surveyed agreed that data quality issues impact consumer trust and perception.

According to Experian, 64% of businesses believe inaccurate data is undermining their ability to provide an excellent customer experience. It’s safe to assume that much of the historical customer data businesses hold is pretty useless and soon to be non-compliant. Arguably, no data is better than bad data when it comes to the customer, so why take the risk of annoying customers or damaging their trust with data that is out of date or obtained without permission.

The GDPR will require many businesses to take a fresh approach to how data is managed within their organisation, and we believe many will take the opportunity to start afresh so that they can be 100% confident that the data points held are accurate and have the right permissions.

The single customer view is the ultimate goal for businesses wanting to provide a superior customer service. The GDPR will likely result in the formation of new ‘data leader’ roles within organisations who will have an intimate understanding of the flow of data through an organisation. This could be the missing piece in the puzzle for businesses striving to create a single customer view.

A best-in-class experience begins at the point of data collection

The GDPR requires businesses to make changes to how data is collected. But beware of falling into the trap of treating GDPR as a tick-box compliance exercise. Use the opportunity wisely to review and improve the sign-up and registration processes.

When it comes to on-page design amends, these are likely to be fairly minor if you already comply with the 1995 data protection directive. But for some organisations, such as banks or insurers - where what customers are signing up to is more complex - complying with GDPR could make the process more difficult for customers.

The new regulation creates an interesting paradox that will require more thorough user experience research and design execution. It requires controllers to: ensure their privacy notices are “concise, transparent, intelligible and easily accessible”; and greatly expand the information that must be included in that privacy policy. Ironically therefore, privacy Ts & Cs will need to be both “shorter” and “longer”.

In our own research, when questioned, people will express an interest in and concern for their data and how it will be used. But when observing customers filling out forms their primary concern is how quickly they can complete it. Almost no-one reads privacy notices and Ts & Cs.

Design plays a big part in helping customers to navigate the legalese of what they are signing up to. It has become common place online to make things as simple and quick as possible. This shouldn’t always be the case. Neil Pawley, Principal Consultant says:

There is a necessary complexity to many interactions. Putting these processes online changes the dynamic but it doesn’t reduce the complexity. They are complex by their very nature, requiring thought and consideration. The question is how do we modify people’s behaviour without breaking the flow in a process we have worked so hard to establish? How do we add sufficient drama to specific statements to gain attention and consideration without de-stabilising the control and confidence?

In the rush to be compliant for the GDPR it would be easy to bolt-on new requirements to an existing process. But this could result in further confusion and complication for customers. Following an experience design process where customers are involved in design decisions will minimise this risk.

We believe the GDPR should be embraced as an opportunity, not treated as a mandatory inconvenience. If your business is hamstrung by bad data, embrace this new legislation to wipe the slate clean and start building a much more valuable data asset from May onwards.

Be wary of putting GDPR in a vacuum, your whole business needs to be mindful of data and be signed up to any new processes you implement. Lastly, focus your efforts on creating a customer experience you can be proud of from the moment the data is collected, and shows respect for the value your customers have given you in their data.

To help you get started, here are five things to think about when tackling GDPR:
1. Become an expert

Make sure someone in your business understands the GDPR and how it will affect your business. This will involve them not only getting to grips with what the legislation says, but will also likely involve an audit of your current processes and the information that you already hold.

2. Update privacy notices

Take the time to thoroughly review your privacy notices, under the GDPR you need to include additional information. For example, your customers have the right to know why you are collecting information, all of the ways in which it will be used and who it will be shared with.

3. Review how you obtain consent

Getting consent from customers for the use of their data is getting tougher. Pre-ticked boxes will no longer be acceptable under GDPR. Consent must be freely given, specific, informed and unambiguous. Do not leave design changes until the last minute, take the opportunity to not just be compliant but to also improve the overall experience for customers.

4. Get to grips with data recall

When it comes to individual’s rights most businesses – if compliant with DPA – should find the transition to GDPR relatively straight-forward. However, there are some significant enhancements such as the right to be forgotten.

5. Share what you know 

The management of data needs to be a company-wide activity. Not only could GDPR create additional demands on resources but going forward, making sure that data is up to date and relevant will mean all departments will be able to serve customers better.

You will need to be able to track an individual’s data imprint across your business with ease. Not only will this make you compliant, but it will also help you extract maximum value from customer data.

Related articles