I write this blog feeling just a touch tired. In common with many of you, I’ve been caught in the escalating whirlwind of preparing the businesses I work with for the EU General Data Protection Regulation (GDPR), which came into force last month. In fact, it’s been the perfect storm because every five minutes my email inbox has also been chiming with the impassioned pleas of other businesses desperate for me to opt in, opt out, read this, or read that.
I completely get the need for tighter privacy controls when we live in an age where our smallest impulse or comment can be tracked, traced, analysed and recycled for various purposes, good and bad. Legislators have an unenviable job trying to keep up.
Not a blog moaning about GDPR
So, this isn’t a blog moaning about GDPR. Instead I’d like to cast an eye over what it has triggered so far and then look at what it all means for the future.
I cannot help but believe a big car crash just happened right across Europe and in the countries outside the EU that have responded to GDPR. At a point where it is obvious that businesses need data more than ever before, many have sacrificially burned a myriad number of bytes and paper files on the fire to play safe, or in many cases, as a reaction to poor advice. It’s been a cathartic experience I guess and if casting out the old makes us look to the new, then not completely a bad one.
Ironically, many of the emails seeking opt ins might well have been illegal themselves, because the data should not have been held in the first place under original legislation. In other cases, the solicitation of opt ins will have been unnecessary, because the companies concerned would appear to have had legitimate interests.
Anyhow, now 25 May has been reached we can safely say that’s all in the past. Or can we?
What we are left with is diligent companies whose marketing and other data is probably taking up much less hard disk space. That next mailshot could be reaching a much smaller audience. Meantime, I suspect some of the worst examples of spam will continue.
There are other conundrums too, like for example how to promote the excitement of watersports and move the prospective customer’s imagination from inanimate equipment to a human experience when we are not always sure of the legality of image libraries containing peoples’ faces.
Being relevant is key
But is it all bad news? For example, we know through research that Millennials, the generation that the marine industry must quickly engage with, are perfectly willing to opt into provide very detailed data, as long as they get something sensible in return. By that I don’t mean by offering incentives or gifts – that, if anything, devalues trust. It is more about how businesses will intelligently connect with their audiences in the future, offering highly personalised approaches, respecting data security and being transparent about its use.
This is where the need for good design steps in. The UK Information Commissioner’s Office (ICO), which played a significant part in the GDPR and wants to stay involved post Brexit, says this: “You have to integrate or ‘bake in’ data protection into your processing activities and business practices, from the design stage right through the lifecycle. Data protection by design is about considering data protection and privacy issues upfront in everything you do.”
US-based user experience designer, Jess Robbins, writing on Yael Levey’s I am Not My Pixels blog, picks up on this theme. She says: “Remember that security, privacy and transparency are the new currency in which consumers will trade in and that their data is worth its weight in gold – especially for an effective, personalized experience. Creating an experience that builds trust is key now, more than ever before.”
Designing for Transparency and Trust
In a Harvard Business Review paper, Customer Data: Designing for Transparency and Trust, authors Timothy Morey, Theodore “Theo” Forbath and Allison Schoop, argue the case for designing systems that exceed the most stringent legislation to capture valuable trust from consumers. They state: “In a future in which customer data will be a growing source of competitive advantage, gaining consumers’ confidence will be key. Companies that are transparent about the information they gather, give customers control of their personal data, and offer fair value in return for it will be trusted and will earn ongoing and even expanded access. Those that conceal how they use personal data and fail to provide value for it stand to lose customers’ goodwill—and their business.
My conclusion then is that if you think the frenetic race to the GDPR deadline marked the finish, you need to think again. Today is just the starting line for a future where security, privacy and transparency need to be designed right into all customer touch points, to ensure we can continue to market our fantastic, aspirational product of boating effectively and engage that next generation way more intelligently than we ever did before.