Have you seen it too – on your doormat and email inbox – the flurry of companies scrambling to update you on their terms and conditions, and then pleading (if not begging) for you to give them permission to stay in touch? Apart from your likely surprise to discover quite how many companies your data already resides within, just think about all the other companies you haven’t heard from yet! And as the phones continue ringing with GDPR deadline looming, we take a moment to reflect on how GDPR preparedness is a good barometer of digital maturity – or not.
#1 – Many organisations are clearly stuck in first grade
Over recent week news outlets and consultancies have released many a poll highlighting that many companies are nowhere near ready for GDPR. Whether the fines or the risk of reputation damage are cited as the stick to whack companies with, one thing is for sure… far too many companies (large and small) are nowhere near ready on the topic. That will be a problem for them, and an expensive one at that.
For anyone reading this still not sure about GDPR – read this fantastic short guide from the ICO in the UK on what companies need to do.
#2 That can’t be surprising, given over a third of senior execs still don’t ‘fully get it’
Quoting one such poll (from EY Consulting – itself quoted in the Financial Times), 40% of Senior Execs in the EU don’t know the GDPR rules “even fairly well”. One hopes that on those Exec boards, at least one of them knows it incredibly well, but still the number whilst precisely wrong, is probably right.
And this has a broader reference-point back into the digital transformation journey. Too often have ‘transformationists’ used lingo and hyperbole in the pursuit of helping organisations improve their digital capabilities. This leaves too many behind, and the product of this is that major reforms like GDPR aren’t effectively understood, communicated and enacted.
We must get better at demystifying technology and what digital and data can do to drive a business.
#3 Not all sectors are created equal
It seems like some companies and sectors are on it. Utility companies, banking institutions, charities, the public sector and retailers have overwhelmingly taken the lead in proactively contacting consumers, getting their data and house in order.
Generalisations are generally useful, but they are also somewhat unhelpful. It seems clear that organisations with strong governance and tight corporate management are ahead of those who don’t. That could prove an expensive mistake.
#4 People still think inside the box
Our most disappointing reflection is just how few organisations have taken this legislation as an opportunity – rather than something to comply with.
Amongst this red ocean of GDPR preparation, where is the blue ocean thinking? Where are the visions for the new dawn of consumer attention and potential for businesses and brands to build new relationships, based on more equitable and profitable terms? What companies are seeing the true opportunity of GDPR rather than being dragged kicking and screaming towards compliance?
GDPR (at it’s core) wrestles control of data away from companies (who thought they ‘own’ customer data) and returns it to those who always actually owned it. Now, data is on loan, not owned.
GDPR is the enabler of customer attention. Together you can be stronger. And by that we mean loyalty, value, advocacy… sales. Obviously, get it wrong and things go the other way – but now is the time to be glass-half-full on this stuff… see the light at the end, not just the tunnel.
But our assessment of communications and preparation to date is about risk management and corporate backside covering. In fact, the only company we’ve seen even try to spin GDPR to be aligned to their values (transparency, respect, trust) is a small firm selling watches. They have shown more imagination to think beyond the rules than many a multi-national with far broader resources.
#5 Sometimes a reset is the best route out of it
The UK pub chain Wetherspoon recently announced it was coming off social media. It said at the time it was about reconnecting with people, stopping pub managers spending all time online etc
Whilst the skeptics say it was a good PR stunt at play, another interpretation could also be that the data mess behind it all (think Cambridge Analytica and Facebook) was an area Wetherspoon didn’t want to manage. Social media is not core to their business… and the ROI in social media marketing remains an enigma. It could have been part of the reason.
We don’t work with Wetherspoon, or have any knowledge of the drivers of their decision making. Yet the point here is that sometimes the effort to rectify is greater than the cost to start from scratch. And too few companies appear to have adequately stepped back and critically assessed their data strategy, asset ecosystem and digital roadmap before applying the GDPR requirement. They are carrying on ‘because that’s what they’ve always done’.
That’s quite sad too.
The ultimate drive behind GDPR is a good one. Consumers need greater protection and companies need to think much more about what they are doing with data. Yet the way GDPR is being implemented shows just how fragmented organisations’ digital strategies sometimes are. As said, generalisations aren’t helpful, and the huge work of companies to put-right their digital ecosystem is largely hidden from sight. But for us at Portera, the lack of outward re-imagination of what GDPR could mean for transforming company-to-consumer experiences shows there is still a long way to go on the journey to digital maturity.
Portera is a strategic consultancy with core specialisms in strategy, data and marketing technology. We support global businesses to convert technology into a commercial driver. Tech is the essential business enabler – but we keep its focus on cost efficient business growth.
To find out more about the advantages GDPR can have for your business, a plan to manage the risks or to fix a GDPR burning bridge, just get in touch.