Leveraging GDPR to build a culture of digital confidence


Written by John Greenwood

Published July 2018

In this article...

UK Information Commissioner Elizabeth Denham declared that 25th May would mark the beginning of a journey for both consumers and the public and private sector alike.

There’s no reason why that shouldn’t be true. But are we sure it is? Is the day the new data laws became legally enforceable really a new beginning or is it just an opportune time to warn those lagging behind the curve that ‘trust’ is the new basis on which we’ll be making our future choices? And that the common courtesies we call ‘customer service’ have only ever been the invention of the marketing industry to help them sell their wares?

Developing trust in a world where the growth in cybercrime outstrips the growth of nearly every other industry you can think of does not provide a sound basis for building confidence in people, processes or technology. According to the report published in March 2018 by McAfee in collaboration with the Center for Strategic and International Studies (CSIS), the global cost of cybercrime is estimated at $600 billion annually, a worrying figure that corresponds to 0.8% of the global GDP. Comparing the value with the cost of cybercrime estimated in a past study, the overall cost has jumped from $500 billion in 2014 to $600 billion, an increase of 20% within 24 months.

Trust: why it has to work both ways

Trust, as we know, is a two-way dynamic.  As consumers of goods and services we trust that the provider will deliver against our expectations and embrace the duty of care we might reasonably expect to keep our data safe and secure. Trust is then also generated within the public and private sector organisations we interact with, as they invest resources to manage the people, processes and technology required to deliver the goods and services we’ve chosen to consume.

The very nature of the GDPR, its gravitas and its reason for being represents a seismic shift in the way that we as consumers are able to interact with our own data and take some personal responsibility for our own data security. Should all EU states make the most of this opportunity, then the GDPR will have been successful in building the trust of the consumer in the trust dynamic.

But what of the ‘provider’ side of the dynamic? How will the public and private sectors react to supporting the new policies, processes and forms they’ve created to be ready for the legal enforcement of the GDPR? Will they start to behave in a way that makes the seismic shift on the other side of the trust dynamic an everyday service reality? Unless entities actively embrace what’s needed to build a culture of data security right across their organisations, the trust dynamic will not be balanced and a culture of confidence in the digital economy will not be established.

The reality is that organisational anxieties about data protection should not be driven by the time, cost and effort in implementing new policies, processes and forms required to meet the new obligations, but be focused on addressing the reality of the threats this new regulation is seeking to address.  And, of course, embracing the opportunities offered by the regulation to create a market advantage.

The new definition of customer service

In her GDPR for the boardroom video address last year, Elizabeth Denham said:

"Get data protection right, and you can see a real business benefit…the pay-off here is not just in better legal compliance, but in competitive edge, and whether that’s in terms of attracting more customers or addressing more pressing public policy needs, I believe there is a real opportunity here for organisations to present themselves on the basis of how they respect the privacy and dignity of individuals."

The notion of reducing costs through the creation of trust, both internally and externally, may begin to replace the old paradigm of customer service. This is how organisations should embrace the opportunities offered by the requirements of GDPR, and help create a competitive advantage.

Whilst the ICO and other institutions, such as UK Finance with their consumer data security awareness programmes, will do much to increase consumer confidence, organisations must start looking to their senior management teams to develop a top-down culture of data security and data security awareness.

This is imperative if they’re to bring any balance to the trust dynamic and maintain the confidence of those of us who are beginning to make our choices based on trust, as well as building confidence within the organisations providing the goods and services we consume.

And once that two-way relationship of trust is established, organisations can start reaping the rewards of growing and retaining a loyal customer base alongside a committed workforce, ensuring they’re the provider of choice and protecting their success for the future.

Contact us to find out more

About the author

John Greenwood is Director of Thought Leadership at Compliance3 and supports the COMPLY proposition for Capita Pay360 that helps merchants reduce the time, cost and effort in meeting their PCI DSS compliance requirements. He has spent over 25 years in the customer contact centre space helping leading brands interact with their customers to reduce cost and improve service.


About Compliance3

Compliance3 is a technology agnostic professional services firm with a heritage in delivering large change projects in the contact centre environment. They help governing bodies and acquiring banks define and support compliance guidelines whilst at the same time help public as well as private sector organisations meet their payments and personal data security obligations, reducing the time, cost and effort in achieving and maintaining compliance.


Sign up for similar content

Receive the latest insight and tips, straight to your inbox and learn how to maximise the success of your business.