The EU GDPR is an opportunity for business - lets seize it

By now most business across the globe, especially in Europe, will be aware that the EU General Data Protection Regulation (GDPR) becomes law on 25 May 2018. There has been a lot of scare-mongering around the hefty fines and stricter rules regarding the handling of customer data, but there is another story too. A topic that is being discussed less frequently is the opportunity that the EU GDPR is bringing for businesses.

Compliance will require procedural changes, but it will also offer companies the chance to demonstrate to their customers that they take data protection seriously. It will help to build trust, protect reputations and ultimately result in an improved customer relationship. Overall, it will make things better for everyone involved. Below are some reasons why.

1) Do the right thing

The EU GDPR will nudge many companies to do what they should be doing anyway: setting up the right framework to protect customers and their personal information. The sheer amount of data that organisations hold at this time is enormous and it is surprising that a measure like this hasn’t been put in place before now.

As it will impact all areas of an organisation, the legislation will undoubtedly raise the question of data security up to boardroom level. The C-suite may not always have prioritised data protection, with its attention, very often, focused firmly on profit. In the past, if it has worked out cheaper to pay a fine than to install proper security, many organisations will have done so. With the incoming regulations, however, data security will become one of the highest priorities in the long-term, for the people at the top of the company.

2) Preserve your reputation

The negative headlines that result from a data breach can damage customer confidence, share price and the reputation of a CEO and other board members. Under the new rules, companies that suffer a data breach will have 72 hours to let their customers know that their data is at risk and to inform the local regulator. This means that there will be no question of keeping any bad news under wraps. In the US, companies are already obliged to let their customers know if they’ve suffered a data breach – so in this context, Europe is only just catching up! The new scrutiny may be scary, but being forced to have the right security in place can only benefit business in the long term.

3) If it’s good for customers, it’s good for business

If a data breach can destroy your reputation, good practice can build customer trust. The new legislation effectively hands control of EU citizens’ data back to them, removing a growing cause of resentment between consumers and the companies they deal with. It also requires all organisations collecting personal data to be able to prove clear consent to process that data. Companies will have to ask permission from consumers and let them know exactly what it plans to do with that data. This creates a touchpoint that gives individuals a much better understanding of who holds their data, why they need to hold it and what they plan to do with it. For a responsible organisation, this is also an opportunity to begin to build a long-term relationship with their customers.

Don’t panic

The processes required by the EU GDPR are sensible security measures. The more prepared you are, the better you will be able to weather a possible breach. And a more open communication between you and your customers, which is also a requirement of the legislation, will mean a better relationship overall.

Holding customer data is risky, however. No matter what level of security is in place, hackers will always be looking for new ways to get their hands on valuable information. In the light of this, our advice would be to see how far you can go to avoid storing customer data in the first place. Organisations across the world hold a significant amount of personal data that they do not need – and the best way to protect yourself from a breach is to not hold unnecessary data. If you don’t hold it, they can’t hack it.

Most companies, however, will need to hold some information about their customers. For them the GDPR will mean better data protection measures, a more focused approach to protecting customers, better customer service and more transparency. What’s not to like?

About Tim Critchley

Tim has been the CEO of Semafone since 2009 and has led the company from a UK start up to an international business. He has helped secure Series A and Series B rounds of funding from various investor groups including the BGF and Octopus. Under his leadership, the company has secured global partnerships and won clients that span a range of industry sectors including major brands such as AXA, BT, Capita, Harley Davidson, Next, Rogers Communications Santander and Sky. Prior to joining Semafone, Tim was COO at KnowledgePool Group. Tim graduated from the London School of Economics and has an MBA from Manchester Business School.

About Semafone

Semafone provides software to contact centres so they can take personal data securely over the telephone. Semafone’s patented data capture method collects sensitive information such as payment card or bank details and social security numbers directly from the customer’s telephone keypad for processing. This prevents personal data from entering the contact centre, which protects against the risk of fraud and the associated reputational damage, ensuring compliance with industry regulations such as PCI DSS.