GDPR is about customers rather than dataPublished: 19/09/18
The European Union's new data protection regulations have sent ripples across Europe and beyond, as these extra-territorial rules have put new responsibilities on businesses trying to operate effectively in the digital era.
The regulations may seem onerous for businesses: having to provide records of all data held about an individual upon request; mandatory notification of data breaches; appointment of a data protection officer (DPO) for large scale data handlers, to name just a few. But those companies that view compliance as just another unnecessary tick-box exercise are missing the point of GDPR and, as a result, are in danger of falling short of their customers' expectations.
Bringing balance back to personal data handling
Rather than being a case of regulations for regulation's sake, GDPR is an attempt to redress the balance between customers' rights and the use of their personal data by companies.
Although the previous data protection regulations (Data Protection Directive 95/46/EC) were already among some of the strictest in the world, consumers had grown increasingly uncomfortable with the buying and selling of their personal data to unknown third parties.
The nuisance that this caused consumers spread well beyond the provision of unwanted marketing messages. Demographic and website usage data could be used to build psychological profiles of people; essentially, unknown third parties were being allowed to delve into consumers' intimate online habits without their knowledge or permission.
User control builds trust
This situation could not continue. A 2015 survey by the Data & Marketing Association found that 80% of people viewed their data as their own private property which they felt they should be able to use as they see fit, for their own benefit.
Crucially, the same survey shows that as trust has grown in the systems that businesses put in place to protect and respect personal data, so customers have been happier to share their personal information:
"In 2015, 40% of consumers chose trust in an organisation as the most important factor when deciding to share personal information, four times more than any other factor."
Trust, however, means that businesses need to protect data properly, something that recent data breaches at massive firms shows is not always the case.
Alongside security, another key factor in building customer trust has been the issue of control. An overwhelming 90% of people want to control how their data is used by businesses. This is something that GDPR seeks to address through both its disclosure regulations and 'privacy by design' features.
Ever increasing amounts of data
Utility companies are the custodians of an enormous amount of personal data, and the advent of smart meters is adding to that considerably by providing real-time insights into their customers' domestic and business activities.
As consumers become increasingly aware of the value of their data - and the very personal insights it can provide - so they will expect power producers to maintain extremely secure databases. Customers will want their utility providers to either refuse to share data with third parties that aren't directly involved in service provision, or will want to know that those third parties are adhering to the same high standards.
A catalyst for cultural change
Once these changing consumer attitudes are understood, so the value of GDPR to businesses becomes clearer. It can even play an important role in changing corporate culture to one of greater data awareness.
At a practical level, power suppliers need to audit all of their data storage and processing systems. They will have to ensure they're using reliable database software and utility billing systems such as Jenworks from Jendev. It is fully GDPR-compliant and is deployed by a team that truly understands the values and intricacies of the EU's new regulations.
While non-EU based power suppliers may not be subject to GDPR, the value that the regulations bring as a benchmark for best practice means there is a strong case for using it as the definitive framework for new corporate standards in data handling.
Those firms that implement GDPR voluntarily will be seen as understanding a simple fact: the regulations are not really about data, they're about delivering the very best for customers.B a c k t o K n o w l e d g e