We’ve all heard much moaning and groaning around the upcoming GDPR. The work! The fines! The cost! But with just three months to go until the much-maligned new rules become a reality, we wanted to paint a more positive picture, with some success stories of those making GDPR work for them and, dare we say, even using it as a chance for disruption.
While many small businesses are facing an uphill GDPR struggle, some forward-thinking start-ups have grasped the opportunity to build something new, launching products and services that make the changes easier for other businesses.
One such enterprise is Databoxer, created to ease the problem of managing opt-in and opt-out consents; one of the key challenges of the legislation. The tool provides clients with a central portal for user consent details, along with a simple permissions tab that sits on their website, where customers can manage their consent settings whenever they visit.
Director and Co-founder, Tim Haynes told us: “We wanted to make the process of gaining consent simple, with a tool that would take about 30 minutes to set up and an interface that is quick and intuitive to use. Our goal is to become a trusted partner, with an app where users can proactively manage their permissions and where businesses automatically say, ‘oh, we’ll use Databoxer for that.’”
Another example is Beyond Encryption, which is using GDPR as a catalyst to tackle age-old issues with email security, often one of the most vulnerable areas of business communications. Its MailLock technology is billed as ‘Digital Recorded Delivery’, giving clients assurance that their messages have reached the intended recipient, while shielding the contents from email service providers.
“Communications is the thin end of the wedge when it comes to data security,” explains Founder, Paul Holland. “Everybody’s emails are still based on the same backbone technology that was invented all those years ago, making this one of the largest places where cyber-crime and ID fraud emanate. GDPR is a sign of the way the world is evolving, which is that people want control of their own data.”
Exploring new markets
The legislation has also led more established businesses to explore new services. Data Vault, a data warehousing consultancy, has developed a training offering as a result of the new rules, covering topics such as data stewardship, where individuals from different business areas, such as marketing, HR or finance, learn how to take ownership of compliance for their department.
The new offering has even led to unexpected opportunities overseas, as Head of Marketing, Mark Otten, tells us: “The most interesting training request has come from an airline loyalty scheme in Mumbai, India, which has asked us to undertake data stewardship training for them. Even though they’re outside the EU, they see GDPR as the gold standard and the global nature of what they do means they want to roll out compliance across the whole company.”
Driving internal innovation
The other side of the equation is companies using GDPR as an opportunity to innovate how they work, from internal processes, to external communications and customer relationships. Despite reports of swathes of businesses not being ready, a study by law firm, Boyes Turner, found that many companies are using the changes as an opportunity to improve how things are done.
One such example is the digital advertising firm, Ve, which started its GDPR preparations at the beginning of 2016. With no formal certification for compliance, it set about gaining the ISO 27001 accreditation for Information Security Management, to ensure it was fully prepared.
“Everybody seems to be quite fearful of GDPR… but we’ve used it as a positive catalyst to improve our products and position ourselves as a beacon for how services should be run,” comments David Marrinan-Hayes, COO at Ve. “For example, we’ve built a prototype platform where customers can check the status of their own data, making it easier for customers and retailers. We’ve also seen efficiency savings in processes such as managing data access requests. What used to take 20 or 30 man-hours, often by quite senior people, now takes just an hour or two.”
Taking a proactive approach can also bring reputational and service benefits for brands who show they are using customer data in a responsible way. Boyes Turner likens this to the effect that review sites such as TripAdvisor and Amazon have had on the retail and travel industries, which forced a shift in the balance of power between company marketing departments and their consumers regarding brand reputation.
Its report states: “GDPR will force yet another shift in power from companies to consumers… Trying to stand in the way of the disruptive juggernaut is futile. Instead, as they have with TripAdvisor and the like, firms must look for ways to adapt and take advantage of the new world of marketing, data and consumer control.”
Helen Goldberg, COO at LegalEdge echoes this sentiment, saying: “By being proactive about GDPR and communicating how they protect and keep data secure, businesses can meet procurement teams’ compliance requirements, boosting confidence, loyalty, and setting them up for long-term, successful relationships.”
Finally, there are potential service and customer relationship improvements to be seized, something that customer engagement expert, EngageHub, has been focused on. Digital Marketing Manager, Nigel Linton-Fielding, says: “Where GDPR compliance can by truly beneficial is when it is used as a means to fine tune the way businesses communicate with customers, by adhering to customer preferences at every stage of the relationship. By making every engagement human-centric, organisations will be shown to be trusted and authentic, inspiring transparent relationships with their customers.”
It’s encouraging to see that GDPR doesn’t have to be all doom and gloom, with lots of positives on offer - for start-ups, established businesses and above all, the future of the brand-consumer relationship. So, if you haven’t already, with three months to go until the regulations finally go live, there’s still time to find the silver lining.
We've made buying insurance simple. Get started.
- 11 May 20222 minute read
Find out more about Daylight, Superscript’s brand new dedicated insurance product for digital asset businesses operating on the blockchain, the first of its kind from a Lloyd’s broker.