Businesses have been rushing to turn their data and customer insights into gold, harnessing as much information as they can to power increased sales and new opportunities. Meanwhile, the regulatory compliance screws have been tightening: GDPR, Open Banking, PSD2, and many others place strict new boundaries on what companies can do with their data and determine how they will be held accountable for it.
Tasked with ensuring the business can still reap value from its data while complying with the new regulations, many IT pros feel like the benefits of regulatory compliance are elusive at best. Here’s what you need to know about balancing these two responsibilities—and yes, it can be done.
Stay compliant with all current regulations
Any company doing business in Europe has already gotten the memo about the General Data Protection Regulation (better known as GDPR) and should be in full compliance. GDPR’s stated goal was to strengthen the benefits of regulatory compliance to better protect EU citizens’ data privacy rights and cut down on identity theft. Any business that collects and processes data on European citizens must comply with it—even those stationed in Canada or headquartered elsewhere outside the European Union. GDPR doesn’t mess around, either: Firms failing to meet the standards are subject to a hefty fine—up to 20 million euros or 4 percent of the company’s worldwide revenue—for a single breach.
If your business collects any type of personal data on European citizens, whether through a website, a contact centre, or some other source, you need to be compliant—but GDPR isn’t a one-and-done regulation. You need to remain continually compliant by being clear on what type of personal information you collect and process and making sure you’re using data appropriately under the rules. You should check in regularly to document all the measures you’re taking and ensure your organization is following through on those measures—this will help your business demonstrate compliance with GDPR over time.
IT leaders should also continually update company policies and train employees to ensure compliance. You may also want to double check that your endpoint security strategy includes anything in the network that’s transmitting, processing, storing, or transferring data. From mobile devices to printers, take advantage of advancements in printing solutions that come with built-in security features to stop threats the moment they start.
Keep an eye on Open Banking and PSD2
European financial services firms and banks should also keep an eye on Open Banking, which aims to give banking customers greater control over their financial data. Banks will need to make available certain customer data via an Open Application Programming Interface (API), so it can be accessed by fintech competitors and other players in the market if one of their customers requests it be shared in this way.
There’s a related regulation, the revised Payment Services Directive (PSD2), that requires European banks to share data with their customers’ financial technology service providers via an API upon request. While it doesn’t require the use of an open standard, the goal is similar: to boost competition in the market and spur greater innovation in the financial services sector.
In the United States, the Consumer Financial Protection Bureau published data sharing guidelines in October 2017 for banks and fintech firms, but as of yet, US banks are not required to comply with any legislation surrounding open banking. In Canada, the recently released 2018 Federal Budget announced an upcoming review of Open Banking that, according to the Canadian Information and Technology Council, will “create prosperity [and] improve choices for Canadians.”
At the same time that businesses adhere to stricter standards on guaranteeing the integrity and privacy of customer data, some may also need to securely share certain portions of that data with third parties. This may require a larger internal conversation about adjusting business models to address the increased competition—and with customer service an increasingly important differentiator these days, it could place a greater priority on the need for companies to deliver a high-quality customer experience.
Balance regulatory compliance with the customer experience
Businesses should begin thinking holistically about compliance to proactively manage risks that could interfere with business growth—like massive fines and the devastating reputation fallout from a Target- or Equifax-caliber breach. With so many competing priorities to contend with, you can’t be blamed for wanting to check a box and just be done with this less-than-fun task, but you can make your life easier in the long run by putting in some extra elbow grease now.
Some businesses are adopting this approach as they build single-view applications, primarily with the intention of delivering a higher quality and more consistent customer experience across the organization. By using applications that link and unify a diverse range of data silos, representatives from various units within a company can gain a 360-degree view of the customer, as well as their needs and preferences, to better serve them during every interaction. These types of applications—properly designed with both compliance and CX in mind—can also help you identify how you’re managing customer data, ensuring it adheres to any applicable regulations.
IT pros have a challenging mission before them: Ensuring compliance with ongoing data protection regulations while maintaining a rapid pace of CX innovation. The good news is that while compliance efforts require heavy lifting at the outset, they typically become less laborious to maintain once everything’s in place—you just need to check in every now and then to make sure everything is going according to plan and no adjustments are needed. Meanwhile, you can improve your business’s CX in the course of pursuing compliance, ensuring greater competitiveness in an evolving marketplace.