By Seeta Hariharan, GM and group head, TCS Digital Software & Solutions Group
In advance of the European Union’s rollout of a major expansion of consumer digital privacy and security rules in May, some observers warned of looming chaos — and huge headaches for data managers in retail and other sectors.
Hanging over managers’ heads: stinging fines for noncompliance — up to 20 million Euros or 4 percent of a company’s worldwide revenues.
While it took some doing for businesses to comply with the EU’s General Data Protection Regulation (GDPR), the hand wringing seems to have been overdone. So far, disaster has not struck.
In fact, retail industry executives and IT leaders would be wise to view the new regulations as an opportunity rather than a burden. Forward-thinking executives used the deadline to update data management strategies and make changes that not only comply with the rules but make their entire organizations run better.
Jerry Silva, research director for IDC Financial Insights, made a passing reference to this opportunity in a blog post earlier this year, so I looked into the issue more deeply.
Before the May deadline, many retailers scrambled to make quick fixes to comply with the rules. Now, I believe, it would be smart for them to reopen the books on GDPR and plan more fundamental changes that will pay off for years to come.
I’m not suggesting that all retailers stop what they’re doing and invest in multi-million-dollar, multi-year IT transformations — like, say, a master data management overhaul. But strategic planning and investments will improve privacy, security, data management and analytics. You can do this in nice manageable chunks.
In particular, retailers have the opportunity to clean up what I call their data swamps. Once their data is in proper order, they’ll be able to manage it more efficiently and mine it for insights. Complying with GDPR forces companies to understand their customers better so they can serve them better, and, in the rapidly evolving B2C world, it’s essential to deliver a delightful customer experience.
Today, many organizations have all kinds of data stored in a wide variety of locations and formats, and each department has different procedures for how it handles data. In some cases, companies don’t really know what they have or where they have it. This is the data swamp.
As a result of this chaotic situation, retailers miss out on taking full advantage of the information they have about their customers. A single customer may have relationships with different lines of business, but, since the business units keep their own data separately, they might not even recognize it. As a result, the company doesn’t have a complete picture of that customer — their situation in life, their needs and how they like to buy products and services.
These swamps should be dredged and replaced with enterprise-wide data management policies, processes and technologies. We recommend that a businesses’ data should be organized based on four principles: 1) centralized planning and control, 2) universal rules of conduct, 3) traceability and 4) enhanced security.
Control: Over the past decade or so, with the rise of cloud computing and multi-channel sales and marketing, many organizations have lost control of their consumer data. Now it’s time for CIOs and other corporate leaders to reassert control.
Think of the information you gather about customers as a multilayered platform for harvesting insights. The bottom layer is the raw data itself–stored in repositories capable of handling a wide variety of data types. The next tier is the meta data. Above that is the analytics layer. And on top sit the applications.
It’s essential for enterprises to adopt a common data analytics platform that all of their applications can draw on and through which all the data can be accessed.
Rules: Once you reassert control over all of your organization’s customer data, you have to set rules for how it can be used—embedding the rules as meta data in your data processing systems. And since regulations change over time, it’s smart to create a flexible framework so you can easily change your rules in one place and enforce them everywhere.
Traceability: You should be able to trace the origins of personal data quickly, so you can affirm that the way you’re handling it follows the regulations for the countries where the customers live, the wishes of individual customers, and your internal rules for handling the data.
Security: Many organizations gather customer data of all types in giant repositories without first encrypting it. That leaves it vulnerable to breaches. We recommend that organizations encrypt all of their data when they gather it. In addition, all of the records should be anonymized so only those employees who have the authority to access personal data can do so.
For today’s retailers, it’s essential to provide superior customer experiences. Consumers are in charge. They’re hyper connected—interacting with brands through devices in their hands, living rooms and cars. They talk, and robots answer.
Consumers have been spoiled by companies such as Amazon, Uber and Airbnb, which have mastered the art of being super-easy to interact with and delivering products and services that give people what they want, when they want it and at prices that don’t overtax their bank accounts.
The next big opportunity for consumer-facing companies is creating hyper-personalizing experiences for individuals. Only by understanding each customer’s lifestyle, values, needs and shopping preferences will brands be able to deliver memorable experiences and win their undying loyalty.
Building a technology infrastructure that enables retailers to serve the connected consumer by understanding their intent, motivation and behavior — and continuously learning — will be daunting for many organizations. It’s a multi-year journey. Retooling how you manage personal data to comply with GDPR is a critical first step — and it’s one that will likely pay off with improved customer relations and enhanced revenue growth for many years to come.