GDPR is more than just rules – it’s about trust

An unwanted piece of legislation that penetrates everything and the cause of many grey hairs – or a necessary customer driven regulation and a springboard for new business? With the aim to look beyond compliancy and focus on post-GDPR, Cognizant held a well-attended breakfast on the 27th of April with the theme How can GDPR Generate New Business Opportunities.

It’s less than 400 days left and the clock is rapidly ticking. GDPR comes into force in May 2018, and no business can avoid it considering the heavy penalties if you fail to comply. So, is this hectic period really a good time to start looking beyond regulations?

Yes, it is. Because for those who manage to play the cards right from the very beginning, new opportunities will arise. What to do then? While there is no silver bullet solution, the secret sauce to success is a mixture of a holistic approach, transparency, and trust. Privacy is rapidly becoming the defining issue of the digital era, where customer trust is essential for success beyond compliance.

Trust, a main theme
According to Abhishek Rishi, who is leading the Cognizant Digital Business consulting practice in Analytics and Information Management in the Nordics, there are two possible approaches when addressing GDPR: business model thinking vs. compliancy only thinking.

The former is a more competitive approach, where consumer trust is the main theme. Trust is namely the value that will define your business in the digital era, and a serious breach of trust means lost business. To succeed, structuring the right customer consent level is super critical. Where should you begin? Starting with legal grounds is a good start.

GDPR as business enabler
Clas Ohlson’s work with GDPR started a year ago, and Urmas Aamisepp, the company’s Chief Information Security Officer, views GDPR as the enabler of a positive spiral of benefits. If the customers trust the company, and give their consent to storing and using personal data, you get better insights and can increase the relevance in your offers. But how do you establish trust? It’s about creating transparency through the processes.

What have their efforts resulted in so far? Besides from creating a good opportunity to build a new e-commerce solution, the work has brought about interesting future business possibilities related to IoT, biometrics, and heat maps in stores.

Customer-centric, aligned approach
Caroline Olstedt Carlström, Vice President Privacy at Klarna, says that GDPR it’s not about meeting privacy laws, but rather about meeting customer expectations. It’s through accountability you build trustful customer relationships and makes it possible to transform risks into advantages.

Klarna’s own GDPR work is progressing thanks to a cross-functional team and a globally anchored approach, where a privacy-aware corporate culture is promoted. Caroline Olstedt Carlström also calls for a new position: the Data Protection Officer, a multi-tasker with knowledge of security, legal and engineering, who will safeguard privacy matters.

Problem-solving and new methods
Ian Oliver, Senior Security Researcher at Nokia Bell Labs, means that GDPR is about risk management more than following rules. It’s a cultural step where you need to move privacy matters closer to those who are working with it to see results.

What does it really mean? Organizations should develop the employee’s techniques and skills, adapt a more holistic engineering-legal perspective, and focus on problem-solving. For one thing is clear: you can’t just hide behind rules anymore.

Check out all the GDPR presentations on video.