Lu Zurawski, Practice Lead, Retail Banking at ACI Worldwide
Companies need to think beyond GDPR compliance and move towards proactive data privacy, consent management and customer-centric controls
The EU General Data Protection Regulation will enter in force in May 2018, and there can be very few businesses today who are not scrabbling to meet compliance objectives.
GDPR sets out rights of citizens and consumers as owners of their own personal data, meaning that data can only be processed by a company if the data subject has given consent to the processing of his or her personal data for specific purposes, or if that data is essential to fulfil the service contracted by the data subject. So far, so good. Arguably many companies will alter existing customer agreements in search of compliance.
Two weeks ago, however, GDPR and its potential ramifications reached a whole different level. The revelations about Cambridge Analytica and the alleged illegal access to the private data of almost 87 million Facebook profiles might turn out to be a turning point in consumers’ expectations on how big data can be harnessed safely.
GDPR was never just a data security issue aimed at discouraging physical data breaches. The new regulation focuses on the rights of companies to use data, and the obligation to have explicit and informed consent from the people who own that data. GDPR should not be treated just as a compliance issue. It opens up a whole new industry for personal data management.
I predict a wave of class actions once GDPR has come into force, brought forward by legal groups and consumers, fuelled by occasional data breaches – both physical and legal.
This likely to be noisy and chaotic, but it could pave the way away from traditional definitions of B2B and B2C towards a personalised data economy, where consumers become far more aware of the potential value of their own data, and of their opportunities to convert this potential value via new so-called ‘Me2B’ propositions.
‘Me2B’means the consumer dictates the terms of how business relationships are formed. The ‘Me2B’ customer defines his or her own concept of loyalty, inviting businesses to sign up to the ultimate customer-centric loyalty program managed by ‘me.’ This would turn existing notions of loyalty and marketing upside down.
Companies need to think beyond GDPR compliance and move towards proactive data privacy, consent management and customer-centric controls. Data users will need to invest in data management architecture, including the use of metadata definitions that include information about the use, origins and provenance of a specific data field or record (in addition to the definition of the field itself).
Awareness of citizens’ rights in regards to their own data is growing. The winners in the new ‘Big Data world’ so far have relied on consumers not really noticing. But as the unfolding Facebook/Cambridge Analytica saga shows, the landscape for big data has shifted. It will no longer be acceptable to process and monetize consumers’ data without their explicit buy-in. And that will require new incentives and motivators. The winners in the next generation of Big Data will need to work out how to manage relationships with and preferences of individual consumers.