The group that attended our last breakfast conference on “GDPR: transforming an obligation into an opportunity” presented a specific challenge. What themes could the audience of general managers, CIO’s, marketing directors and Data Scientists discuss together? We proposed to frame this new European directive on data protection as a design challenge: how can GDPR provide an opportunity to improve the value of your organization’s digital properties? Let me develop the argument briefly here.
In our MasterClass on GDPR we suggest focusing your efforts on GDPR compliance, not on putting a legal shield, but on how organizational processes, platforms, people, and practices shape the value of an organization’s data. Organizational processes structure how your organization uses data in serving employees and customers. Platforms represent the tools with which your organization works with its employees and customers. People refer to the mindset of how the company’s stakeholders view their relationship with the organization. Finally, practices evoke the way the different organizational stakeholders consume organizational resources.
How can your work on GDPR compliance strengthen your business processes? Business processes leverage data to enrich stakeholders’ experience in working with the organization. The value of the data is intimately linked to its use in scenarios that build trust and confidence between the organization and its different internal and external stakeholders. The requirements of the new DPIA (Data Protection Impact Assessment) need to focus the bigger picture of what the organization is trying to accomplish.
The evolution of IoT technologies is producing a myriad of data streams on people, transactions, and processes. Ideally these platforms provide multiple opportunities to monetize the interactions between your organization and its internal and external customers. They shed visibility not only personal data, but on the quality of quadratic relationships that individuals have with their social and physical environments. IOT presents specific challenges for individual privacy and security: consent, reliability, and the risk of breach infringement need to be addressed through notions of Privacy by Design and Security by Default to foster employee and customer trust and engagement.
The end goal of GDPR is about influencing mindsets about how they use data to interact with their employees and customers, to propose new products and services, and to monitor performance. Digital transformation isn’t measured in MegaBytes, but in the shaping managerial mindsets concerning data-driven decision-making. The scope and obligations of the new legislation go beyond the role of the Data Protection Officer to information workers throughout the organization. The future inspections of the Data Protection Authorities will focus on management’s intent and practices.
Most importantly, measurable management practices provide much better indicators of the worth of an organization’s digital strategy than total investments in data processing. The value of organizational data depends on the use scenarios of how data is transformed into a call for action. Data is more than a by-product of manufacturing and/or service processes, it reflects steps in human decision-making processes. Designing customer (internal and external) experiences, rather than information processes around the data in the key to predicting and eventually influencing stakeholder behavior.
How can organizations turn the “obstacle” of GDPR into new opportunities to improve their digital properties? Let’s sum up our arguments. Your implementation of GDPR is an excellent occasion to focus on the processes and networks that define how your organization uses data to listen, ideate, innovate and evaluate its products, services and experiences. Privacy by Design and Security by Default offer your organization the opportunity to experiment in your deployment of IoT — and to focus resources where they will provide tangible benefits. The Data Protection Officer’s job isn’t behind a desk, but in front of his colleagues and customers evangelizing how your organization’s digital transformation will contribute to both trust and value. The high road towards GDPR compliance is in building your vision of digital transformation — the payback isn’t at the end of the road, but in every conversation along the way.
Lee Schlenker is a Professor at ESC Pau, and a Principal in the Business Analytics Institute http://baieurope.com. His LinkedIn profile can be viewed at www.linkedin.com/in/leeschlenker. You can him on Twitter at https://twitter.com/DSign4Analytics.