GDPR and the Currency of Trust
Well, GDPR hasn’t been the datapocalypse some made it out to be, has it?
About this time last year, everyone was worried about the upcoming GDPR deadline; vendors flooded the market with fear-laden headlines. Spreading the idea that if you weren’t compliant by May 25th, you would face fines in the millions of Euros. These vendors were urging customers to spend lots of money to avoid these fines (buy my software; buy my services; buy both!). Personally, I’ve never felt that scaring customers into buying things was the right way to do business (“Kids, clean up your room or there’s no dessert, tonight!”). But there is a positive pay-off to good Information Governance and to complying with a regulation like GDPR.
So where does that leave us 6 months after its enforcement?
The Trust Factor Not the Fear Factor
Getting to the point where an organization is GDPR-compliant means having some sort of Information Governance strategy in place, and that’s what we’ve been encouraging our partners and customers to focus on (“Kids, clean up your room so you can find stuff when you’re looking for it!”).
Full and transparent disclosure, here: at NetGovern we develop, market, and sell software that helps customers with their Information Governance initiatives, namely making sense of all their unstructured data (files, emails, etc.), so of course it’s rewarding when partners and customers buy into our vision and leverage our solutions to solve their problems. It’s why we exist. But we’ve also tried to focus on educating about the WHY of good Information Governance strategy. It just makes good business sense and builds trust, which is the fundamental currency of business. Customers generally buy from people they trust. No trust, no business. Or, at the very least, business without relationships, and how sustainable is that?
GDPR - The Challenge of Getting Started
In the past year, I’ve been fortunate enough to have many conversations with partners and customers, and there’s almost always a common thread: the challenge of getting started. “Where and how do I start? This is too big a job, we’ve got so much data.” Inevitably, this brings to mind the famous quote by the ancient Chinese philosopher Lao-Tsu: “A journey of a thousand miles must begin with a single step.” Looking out at a thousand-mile road is a scary thing; looking down at your feet and taking that first step... not so much.
The Currency of Trust as a Basic Business Principle
No organization should be scared by GDPR, or by any other data privacy regulations. There is certainly some external pressure on organizations to comply with these regulations, especially in certain industries, but that shouldn’t be the main driver. Too many companies have been treating their customers’ information simply as “data”, to be used in marketing, profiling, and to drive additional sales. There’s nothing wrong with this – I’d rather have products and services targeted at me that are meaningful to my interests. I would argue, however, that there should be a more basic business principle at work here, which I’ve alluded to above. Customer data should be treated as the currency of trust that it is; it should be considered the most precious and sacred asset that a company has.
I certainly don’t mind providing my personal information to companies and organizations with whom I deal, but there is an implicit understanding involved when I provide that information – I have faith that they will be responsible and accountable for that data. When they aren’t, there’s a huge loss of trust, and it may take a long time to earn it back. I’ve stayed at Marriott hotels, in the past…
GDPR - 6-Month Report Card
So, back to GDPR: where are we after more than six months? Progress is being made; breaches are being reported under the new regulations (that’s a good thing), but no huge fines have been imposed as of yet. If anything, it is forcing organizations to start thinking about what’s in their data, how it can affect their customers, and how they can mitigate the risk of anything happening to that data.
And that is also a good thing.