GDPR has put consent front and center in the big data debate – that’s why companies need to go further and develop proactive policies that give consumers full control.
The EU General Data Protection Regulation (GDPR) went into effect at the end of last month. While many Asian consumers would assume that EU regulations would have little impact on them, the truth is that GDPR affects all organizations looking to do business with the EU. By now, many of us will have received a flood of emails informing us of updates to the privacy policies of many of services and businesses with which we have accounts, from Uber and Singapore Airlines to Spotify and more. As such, it’s in the interest of businesses and consumers alike to understand the implications of GDPR, and how it’s bringing about the Era of Consent.
GDPR sets out rights of citizens and consumers as owners of their own personal data, meaning that data can only be processed by a company if the data subject has given consent to the processing of his or her personal data for specific purposes, or if that data is essential to fulfil the service contracted by the data subject. So far, so good. Many companies have already altered existing customer agreements in pursuit of compliance.
However, GDPR and its potential ramifications recently reached a whole different level. The revelations about Cambridge Analytica and the alleged illegal access to the private data of almost 87 million Facebook profiles might turn out to be a turning point in consumers’ expectations around how big data can be safely harnessed.
GDPR was never just a data security issue aimed at discouraging physical data breaches. The new regulation focuses on the rights of companies to use data, and the obligation to have explicit and informed consent from the people who own that data. GDPR should not be treated as just a compliance issue – it opens up a whole new industry for personal data management.
I predict a wave of class actions once GDPR has come into force, brought forward by legal groups and consumers, fueled by occasional data breaches – both physical and legal.
Does GDPR pave the way for Me2B?
This is likely to be noisy and chaotic, but it could pave the way for a move away from traditional definitions of B2B and B2C towards a personalized data economy, where consumers become far more aware of the potential value of their own data, and of their opportunities to convert this potential value via new so-called ‘Me2B’ propositions.
‘Me2B’ means the consumer dictates the terms of how business relationships are formed. The Me2B customer defines his or her own concept of loyalty, inviting businesses to sign up to the ultimate customer-centric loyalty program managed by ‘me.’ This would turn existing notions of loyalty and marketing upside down.
Companies need to think beyond GDPR compliance and move towards proactive data privacy, consent management and customer-centric controls. Data users will need to invest in data management architecture, such as the use of meta data definitions that include information about the use, origins and provenance of a specific data field or record (in addition to the definition of the field itself).
Awareness of citizens’ rights regarding their own data is growing. The winners in the new ‘big data world’ have so far relied on consumers not really noticing. But as the unfolding Facebook/Cambridge Analytica saga shows, the landscape for big data has shifted. It will no longer be acceptable to process and monetize consumers’ data without their explicit buy-in. And that will require new incentives and motivators. The winners in the next generation of big data will need to work out how to manage relationships with – and preferences of – individual consumers.