GDPR and the Dangers of ‘Fix & Forget’ Compliance
2018 is in full swing and barely a week goes by without a headline discussing robots, machine learning and AI, and how this increasing automation is impacting different industries around the UK. Machine learning and integration of technology are major developments for the modern age, but there is genuine concern about how it can go too far, especially when it comes to automating business processes, including the impending GDPR. Below CEO Today hears from Jonathan Carter, Managing Principal and Head of Customer Strategy, Acxiom, on the risks of ‘Fix & Forget’ compliance.
In our increasingly digital world, if something can be automated, it probably will be, even if it may be unnecessary. Automation can also be a great asset to a business. It’s very useful when systematising high volume, repeated, relatively simple processes. According to Bill Gates, “The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.” In essence, if a process is complex, automating it can magnify existing problems in the system – just look at the impact of Lehman Brothers and their financial algorithms. Automating a flawed process brought financial markets to their knees on a global scale.
Lurking behind the countless stories about lack of awareness within businesses of all sizes, and the EU’s latest communication clarifying the run up to May’s deadline, there are hundreds and thousands of businesses looking to understand what GDPR means for them and how to best prepare. Given this uncertainty and lack of understanding, automating GDPR compliance within their business may seem a convenient solution. To achieve certain large scale, repeatable data compliance functions it may well work, such as looking through a database and flagging how contact permission was obtained on that customer, or when a record was added. But that’s not the whole story of GDPR.
Buying off the shelf automation is rare, as many automated products and services will require configuration before they can be used. Even satnavs first have to be set up with your location country to point you in the right direction. The more complicated the process, the more configuration required. Simply automating a process before it is fully understood could be very risky, and potentially cause more problems than it solves.
Unfortunately, there are very good reasons why GDPR is complicated. No two businesses will have a similar use or organisational approach to using their customer data within their corporate structure. This means there is no single ‘fast fix’ approach for making sure every instance of customer data within an organisation is tracked and assessed as compliant with a single automation tool.
For much larger businesses, this becomes an even thornier issue. They are also responsible for the many supplier or associated companies with whom they share their customer details. This means an automation tool would also need to tag and track every instance of their retained customer databases as well on behalf of the ‘parent’ business.
Most information coming into modern organisations from their customers is the very definition of ‘unstructured’ – up-to-the-minute feeds of people visiting stores, contacting call centres and browsing or buying on websites. It is immensely powerful. It is also often kept in any number of different systems which may not be compatible, and the concept of simply merging these volumes of valuable insight all together into one master list is almost Sisyphean. Effective automation is more complex, given the variances in format and the way this data is delivered into a business. It is not a ‘fix and forget’ screening job, but a journey of continuing compliance and feedback when it comes to a shifting and evolving customer base.
Of course, these are practical concerns when it comes to GDPR compliance, specific to the handling and form of data within a business. A much greater concern to the c-suite when thinking about automation options should be this: if a systematic process is managing the permissions and privacy concerns of your data, how can you be sure that your business is really embracing the customer-centricity and mindset which GDPR is designed to encourage? Furthermore, if your customers find out you have simply automated their privacy concerns and data, what will their response be? A man could automatically buy and send flowers to his wife from a florist on her birthday, but if she found out it was a simple recurring process, would she be happy? When it comes to GDPR, it is also the thought that counts to a business’ customers.
On one level, GDPR may seem like a stringent set of European rules when it comes to managing your customers’ personal details. But step back and look at the big picture, and it’s something very different. GDPR is intended to encourage businesses to adopt a much more customer-centric perspective, to consider the needs of the individual as the start of any company decision making, and to reflect their needs and concerns from that point forward. Set in this light, GDPR is an opportunity, not a hassle, albeit one which comes with a sizable financial stick to go along with the carrot of better customer management and knowledge.
Businesses should be encouraged to see GDPR as an opportunity to put their customers and their data, at the very heart of their business. GDPR compliance, if rolled out carefully and correctly, has the potential to open up each and every person within a business structure to the power of harnessing customer data, as well as how to treat this information with respect. This is going to be an especially vital skill for companies to develop and understand as the future becomes more integrated, digital and data-dependant. It is the task of the senior management within enterprises to understand that the GDPR is not a nuisance to be dealt with, but part of an ongoing journey in terms of customer management and respect shaping the future of business success for companies of any size and industry. It is therefore important that those looking at automation offerings understand their strengths and limitations, and make an informed choice when it comes to what’s best for their businesses and their customers.
