As we face the final stretch on the road to GDPR, the alleged “warning signs” are everywhere: fines of up to €20 million, or 4% annual global turnover – whichever is higher. The regulation is often painted as a threat, something to fear. But I don’t see it that way at all. In fact, managed correctly it can reinvigorate and revitalise models of business operations, customer engagement and data-led transformation. What’s scary about that?
GDPR will be a tough shift for some organisations, but there’s no reason to see it as an existential threat to business when there’s a world of support and services opening up.
The benefits of GDPR cut across the data ecosystem. EEA citizens and residents with a digital footprint (so, pretty much everyone) will get much more control over how their personal and sensitive data is used. The regulatory backing will help in querying what specific information is held and why, and provide the power to request deletions. But overall, data will still be of incredible value – we need to figure out how to get the most out of the data while at the same time respecting an individual’s privacy.
Done right, this introduces the possibility of a more meaningful, trust-based relationship between business and consumer. A partnership where there’s assurance from both sides that each is acting in the other’s best interests – whether that’s for the creation of new services, sculpting new business models or personalising existing offerings.
It is this motivation to drive value, increase trust and transparency within the new data frameworks that has led Mastercard and IBM to found Trūata.
I’m honoured to lead a team dedicated to finding innovative and technological ways to achieve two key goals: to deliver on GDPR’s vision of giving individuals control over their data and to help businesses continue to derive valuable insights and improve their services using the data available.
Change can be a good thing
Operating within the rules and regulations has never hindered sustainable and socially responsible growth. It’s true that GDPR rules will restrict the use of data in certain circumstances – prioritising individual rights over company rights. Some see that as an affront to free market progress. But the truth is that companies that fully comply with the regulations will find themselves with a solid foundation for growth as they look to the future. They will be best positioned to innovate and engage intelligently, while adhering to the most citizen-friendly policies on the planet.
Under GDPR, there are mechanisms that will enable companies to use the personal data they gather from their customers. In addition, organisations can still make use of the data resources at hand through comprehsive anonymisation techniques. The capability to completely anonymise data is a powerful one, and when considered with other management approaches like obtaining consent and ensuring strict access conditions, should open up new possibilities to modern organisations.
Using data that is properly anonymised and analysed, businesses can identify ways to improve customer service, develop new product offerings to meet customers’ evolving needs or measure the success of their marketing programs. Performing this analysis – and therefore gaining this type of insight – would not be possible under GDPR using personal data. But if properly anonymised and analysed using Trūata’s proprietary techniques, such insights can be obtained while complying with GDPR, bringing significant value to both the business and the consumer.
The business model we’re using, a data trust, will enable Trūata to offer this service through a mix of the cloud, analytics, cognitive computing and breakthrough anonymisation capabilities that IBM will contribute as foundational technology partner. Each customer’s data will be silo-ed from other data, secured and treated with the respect and care demanded by the GDPR.
We have chosen this specific, and innovative, structure for some very specific reasons. Instead of holding financial assets, the Trūata trust will hold data assets. Its constitutional documents have been designed to guarantee compliance with GDPR requirements. Because of its governance structure, Trūata will operate independently of its beneficiaries and customers, thereby allowing it to maintain direct control over the data for anonymization and hosting for its client companies and provide analytics on behalf of its clients as well.
This new data dynamic needs a new type of data service. As a data trust set up specifically to offer independence and with a constitution that guarantees compliance with GDPR requirements, Trūata offers a new alternative to the regular vendor/client relationship.
Trūata’s business structure may be fresh to the market, but the route we suggest following should be familiar. Helping clients reach their potential, working together and striving for innovation is what keeps the business world rolling. We look forward to meeting the needs of GDPR, and seeing what path others take as the new regulations take hold.