As an enterprise data-solutions service provider, Merit Group is GDPR- compliant, and is committed to remaining at the forefront of change as the UK formulates its own legislation. We’ve made this stance not only because it’s the only responsible and reasonable approach to 21st century data management, but because of the significant knock-on benefits for our clients and their customers.
The benefits of using GDPR-compliant providers
Handling compliance in-house often requires investment in new technology. The UK Government-endorsed TrustMark advises that companies “may need to make changes to the way you manage data,” such as migrating to the cloud and the Internet of Things.
Blue Logic’s Tim Hall likewise sees GDPR as a reason for companies to move to the cloud, saying they should see it as “a real opportunity to build new processes and systems that can benefit the customer and the business… If you can look past the short-term pain of GDPR compliance then you will reap the benefits of it in the long term.”
Using a GDPR-compliant service provider, and benefiting from its ongoing investment in technology and processes, can reduce cost, uncertainty and complexity, and many providers integrate tools designed specifically to verify compliance. Microsoft 365 compliance center, for example, issues an easy to understand compliance score and simplifies administration, including the relocation of data between data centres.
But that doesn’t mean organisations are entirely excused when it comes to looking after their own data.
Leading cloud services employ a shared responsibility model in which, says Zack Brigman at Metallic, “the cloud service provider is responsible for the infrastructure and underlying services of their SaaS applications – while the customer is always responsible for protecting his or her data.”
GDPR and the customer experience
Customer experience determines the likelihood of repeat business, and whether customers will recommend a brand going forward. It’s one of the most important factors in growing a loyal customer base, and, as discussed at HubSpot, “the best marketing money can buy is a customer who will promote your business for you — one who’s loyal to your company, promotes your business through word-of-mouth marketing, and advocates for your brand and product or service.”
Contracting with GDPR-compliant providers can help as, chosen carefully, they can have a significant impact on an organisation’s efficiency in complying with GDPR. Being able to demonstrate that it knows what data it holds and where it is, and simplifying the task of complying with data subject requests with smooth, automated routes to opting out or providing records, should give the customer confidence.
Giving customers the tools they need to tailor their own record – or opt out entirely – means they’re simultaneously helping to sanitise and de-duplicate an organisation’s data. Moreover, it streamlines the number of contacts they’re targeting, to focus on just those who are most engaged, and actively interested in working with the organisation.
GDPR, says Vonage, “gives organisations an opportunity to boost customer engagement. The opt-in model guarantees that customers only receive offers they have explicitly requested and only in the channels they have designated. Hence, by complying with GDPR, organisations can also target customers with relevant offers in sync with the brand. That’s what marketing is all about: delivering the right message, to the right customer, through the right channel, at the right time. So no more unfocused outbound SMS or mass email; in the era of GDPR, communications need to be personalised for the customer.”
As BearingPoint noted when GDPR was first being widely discussed, it presents an opportunity “to really transform the customer experience. It should be the marketing teams that are pouncing on the compliance catalyst to build a case for bringing customer data into the much sought after 360 view that drove many CRM visions in the early 2000s and to exploit this data to create truly personalised and relevant customer experiences.”
When less is more
Limiting what an organisation collects means it can focus on what has the greatest impact, while also overcoming customer doubts.
“How comfortable are you with the idea of an organization having access to everything you do online?” asked Lizzy Foo Kune at AdExchanger. AdExchanger put this question to its consumer community and “72% of them agreed that it makes them ‘very nervous’ to share personal information online, an increase of 13% from 2014… There’s no appealing way for organisations to position the value of an all-knowing, 360-degree view of you, scaled to the power of every brand you’ve ever done business with.” Thus, Kune advises organisations, rather than trying to collect every possible data point, “align the scope of your customer data collection efforts to the value you’re aiming to provide.”
Contracting with GDPR compliant partners reduces the burden involved in operating withing the terms of the Act. It’s easier to export subject data in a transportable format, and to delete them from databases without manual intervention.
It also helps when an organisation is required to provide evidence of their safeguarding policies and, should they find themselves in contravention, will at least demonstrate that an effort has been made to comply, potentially reducing their liability and any subsequent penalty.
Every enterprise should ensure that it has a comprehensive data processing agreement (DPA) in place, which defines the responsibilities and expectations of both parties – provider and client – and fully explains all applicable safeguards. They might even choose to make this public and use compliance – particularly if they’ve gone beyond the minimum required by the Act – as a differentiator.
“Since consumers are becoming more and more suspicious about how their data is handled, the transparency and responsibility you demonstrate will encourage trust in your brand,” writes Netwrix’s Michael Fimin. Thus, you can use the GDPR to underline that you do care about the privacy of your current and prospective customers and stand head and shoulders above your competitors.”
Related Case Studies
Automated Data Solution For Curating Accurate Regulatory Data At Scale
Learn how a leading regulatory intelligence provider is offering expert insights, analytics, e-Learning, events, advisory and consulting focusing on the payments and gambling industries
Document Collection and Metadata Management System For the Pharmaceutical Industry
A leading provider of data, insight and intelligence across the UK healthcare community needed quick and reliable access to a vast number of healthcare documents that are published everyday in the UK healthcare community.