Businesses have been rushing to turn their data into gold, harnessing as much of it as they can for customer insights that point the way to increased sales and new opportunities. Meanwhile, the regulatory compliance screws have been tightening: GDPR, Open Banking, PSD2, and many others place strict new boundaries on what companies can do with their data and how they must be held accountable for it.
Tasked with ensuring the business can still reap value from its data while complying with regulations, many IT pros feel like they’re stuck between a rock and a hard place. Here’s what you need to know about balancing these two responsibilities—and yes, it can be done.
Adjust for GDPR—it’s here!
Any company doing business in Europe has already gotten the memo about the General Data Protection Reform (better known as GDPR), which is set to come online in May 2018. GDPR’s stated goal is to strengthen EU citizens’ data privacy rights and cut down on identity theft. Any business that collects and processes data on European citizens must comply with it—even those headquartered outside the European Union. GDPR isn’t messing around: Firms that fail to meet the new standards could be subject to a hefty fine, up to 20 million euros or 4 percent of the company’s worldwide revenue for a single breach.
If your business collects any sort of personal data on European citizens, whether that’s through a website, a contact center, or some other source, you’ll need to get compliant—and fast. To start, be clear on what type of personal information you collect and process, and then determine what you can and can’t do with it under the new rules. Brace yourself for the amount of paperwork you’ll need to fill out to document all the measures you’re taking—this will help your business demonstrate compliance with GDPR.
IT leaders must also scrutinize their policies, particularly any policies that involve the flow of EU citizens’ personal data in and out of the business. You’ll need to update company policies to line up with GDPR requirements and then train employees in the new processes to close the loop. You may also want to consider updating your endpoint security strategy to include anything in the network that’s transmitting, processing, storing, or transferring data. From mobile devices to printers, take advantage of advancements in secure printing that stop threats the moment they start.
Watch out for Open Banking and PSD2
Now that it’s officially 2018, European financial services firms and banks should keep an eye on Open Banking, which aims to give banking customers greater control over their financial data. Banks will need to open up certain customer data via an Open Application Programming Interface (API), so it can be accessed by fintech competitors and other players in the market if one of their customers requests it be shared in this way.
There’s a related regulation, the revised Payment Services Directive (PSD2), that requires European banks to share data with their customers’ financial technology service providers via an API upon request. While it doesn’t require the use of an open standard, the goal is similar: to boost competition in the market and spur greater innovation in the financial services sector. While some American banks and financial institutions may think they can sit this one out, the Consumer Financial Protection Bureau signaled that it was considering implementing such measures in the United States, so you should keep tabs on the possibility of similar regulations coming into effect stateside, too.
At the same time as businesses adhere to stricter standards on guaranteeing the integrity and privacy of customer data, some may also need to securely share certain portions of that data with third parties. This may require a larger internal conversation about adjusting business models to address the increased competition—and with customer service an increasingly important differentiator these days, it could place a higher priority on the need for a high-quality customer experience.
Carefully balance regulatory compliance and CX
Businesses should begin thinking holistically about compliance to proactively manage risks that could interfere with business growth—like massive fines and the devastating reputation fallout from a Target- or Equifax-caliber breach. We can’t blame you for wanting to check a box and just be done with this less-than-fun task, since there are so many competing priorities to contend with, but you can make your life easier in the long run by putting in extra elbow grease now.
Some businesses are adopting this approach as they build single-view applications, primarily with the intention of delivering a higher quality and more consistent customer experience across the organization. By using applications that link and unify a diverse range of data silos, representatives from various units within a company can gain a 360-degree view of the customer, as well as their needs and preferences, to better serve them during every interaction. These types of applications—properly designed with compliance and CX in mind—can also help you identify how you’re managing customer data, ensuring it adheres to any applicable regulations.
As 2018 gears up, IT pros have a challenging mission before them: Get the business compliant while maintaining a rapid pace of CX innovation. The good news is that while the compliance effort requires heavy lifting at the outset, it should be less laborious to maintain over the long term once everything’s in place. Meanwhile, you may be able to improve your business’s CX as you pursue compliance, ensuring greater competitiveness in an evolving marketplace.