The European Union’s General Data Protection Regulation (GDPR) is set to begin enforcement in 18 months. This legislation strengthens data protection protocols to give European Union (EU) residents more control over their personal information, including the famous ‘right to be forgotten’. GDPR’s far-reaching scope, extending to any organization or resident dealing with the data of EU residents, means that its effects will be felt across multiple continents.
Businesses around the world have largely responded to GDPR with a mixture of panic and inaction, and few CEOs can comfortably say they are ready for enforcement. However, where there is friction and change, there is opportunity. With the right perspective, strategy, and tools, businesses can not only be ready for GDPR, they can be better off.
GDPR makes organisations responsible for documenting data procedures, soliciting explicit consent from EU residents for collecting their data, deleting data upon request, notifying residents their data will be processed or transferred to another service provider, and delivering requested data in a structured and commonly used format in a timely manner.
In addition, businesses must designate a Data Protection Officer (DPO), one-half compliance officer and one-half information technology (IT) director, who oversees the organisation’s compliance and risk obligations. Furthermore, the legislation cannot be taken lightly. Penalties for not complying can reach up to €20 million or 4% of global annual turnover in the previous financial year, whichever is greater.
While new regulation rarely provides new benefits for corporations, the mastering of data provides a unique opportunity for them to get a better handle on what information they have, and how it relates to the persons and organisations with whom they interact. Done correctly, this could have direct benefits that enable them to increase customer satisfaction, improve operational efficiency, sharpen strategy and market segmentation, improve upsell and cross-sell opportunities and perhaps even improve their corporate image.
Is there a simple solution?
The fact that businesses must be able to extract every last morsel of information and deliver it or delete it upon request has ancillary benefits. However, this requires businesses to identify duplicate records and resolve the data conflicts. Duplicate customer records plague many businesses. If residents were to ask for their data to be deleted, it is doubtful their information would be properly removed from all systems, from customer relationship management to data warehouse to data backups.
By bringing several data sets together and creating a single repository that incorporates data matching and is easily accessed by internal stakeholders, not just IT, businesses will be able to tackle this task efficiently. The far-flung scope of where data can live means complying with this law is not limited to IT. Business teams and front-line staff must have access to this system. At the same time, they will benefit greatly from implementing on-going data governance in terms of regulatory compliance and risk reduction. Businesses cannot simply rely on addressing the issue of GDPR by applying an IT strategy. A comprehensive and inclusive data strategy will be required to deal with customer requests efficiently and effectively.
PR
As public awareness of the regulations increases leading up to the enforcement date, smart organizations will see this as a chance to be proactive. With an understanding of what data they hold, they can reach out to customers in advance of the deadline to ensure its accuracy and explain why retaining it will benefit them.
Helping customers understand these principles is vital to turning this regulation from an onerous administrative burden into an opportunity to increase customer satisfaction with a positive and proactive message on data privacy and usage. This should result in a more positive corporate image focused on honesty and integrity. With any luck, far fewer individual requests for a business to remove data should result from proactively messaging customers.
Marketing and Customer Service
As long as data needs to be easily accessible to deal efficiently with a request for deletion of information, the benefits of a centralised data repository extend to marketing. If the data is de-duplicated and cleansed, marketing can leverage this information for marketing initiatives and outbound campaigns.
An obvious example of this is the multiple times customers are contacted by an organisation that does not realise “James Smith” and “J Smith” are the same individual, sending multiple solicitations to that same person – increasing costs and lowering that customer’s impression of the business.
Moreover, the ability to positively identify customers in a single view will pay benefits when they reach a call centre or customer service agent, interact across channels (for example in a store one day and online the next), or trigger returns or exchanges.
As the business builds an easily accessible data strategy, ensuring that it is relevant and up-to-date is key to complying with GDPR. Fortunately, these efforts can provide many positive operational impacts. There will be more certainty around the demographic and geographical composition of customers.
In this way, questions such as:
“Where should we deploy staff and resources?”
“What skills are needed?”
“What kind of products should we have ready in particular stores or warehouses?” … should be easier to answer.
Taking action to address GDPR will result in better data quality; it will also better enable the discovery of reliable patterns among customers. Intelligent organisations will use this chance to add analytics to enhance their strategies. Surfacing patterns and trends on high-quality customer data makes business analytics more valuable. At the same time, reliable data can be more easily enriched with third-party information, such as regional economic forecasting, address geocoding and demographic information.
Taken together, an accurate and enriched customer database surfaces opportunities for new ways to make better and more profitable business decisions. Predictive analytics, Artificial Intelligence (AI) and other modern techniques can be added to move the business forward.
Upsell and Cross-sell
Despite the headlines, GDPR does not mean individuals will immediately demand all their data be deleted. Many may be content to allow trusted organisations to retain pertinent data that benefits them in their interactions with the business.
Streamlining data means companies can better identify their customers and understand how much business they do with them. In addition to providing better customer service through the ability to identify loyal customers or those with frequent warranty requests, the business can find opportunities to present a related product at the right time through better understanding of customer habits. This understanding of what related products would complement the consumer experience opens upsell and cross-sell opportunities.
Inaction is not a choice. Gambling on the public being relatively unaware does not reduce risk exposure. The fact that GDPR was proposed and passed is a signal that the public is taking notice of who has their data and what they do with it. While organisations can receive a warning for a first-time, non-intentional offense, future inaction can be considered negligence and may be punished. Are you prepared to open your organisation to this degree of risk?
In doing nothing or acting too late, a company is simply gambling that there is no fallout. If an organisation does the bare minimum to comply, haphazardly protecting and deleting information while leaving many pitfalls, that company is also rolling the dice. Both approaches could have drastic negative effects on profitability and revenues.
No time to lose
EU residents will soon be reminded that they can ask organisations to expunge their information or provide detailed records of all areas where their data is used. Is your organisation ready to deliver this information? Or will you be stuck trying to even find the data and risk non-compliance exposure?
With the high administrative burden this places on businesses and the extraordinarily steep fines, the businesses that will come out strongest are the ones that find ways to turn this regulation into the foundation of a robust IT strategy, rather than haphazardly adopting an ad-hoc solution to meet the minimum requirements. How will you turn GDPR into an opportunity for your organisation?
Master Data Management is the key technology required to fully understand your customers, what data you have about them, and how they interact with your organization. Learn more about building an effective GDPR solution with a Proof-of-Value from Semarchy: benefits, ROI, milestones and an implementation timeline in under two weeks.