From 25 May 2018 Europe’s General Data Protection Regulation (GDPR) will apply in the UK. It’s legislation that was signalled last year that strengthens and unifies data protection for individuals in the EU – and there are advantages in getting ahead.
In the second part of our analysis, Christian Annesley looks further at the opportunities for businesses. Read part one here on the basic steps to take in preparation here.
In May 2018, new data laws will apply in the UK under the General Data Protection Regulation (GDPR). This regulation is intended to strengthen and unify data protection for individuals within the European Union (EU). It also addresses the export of personal data outside the EU and is designed to give citizens back control of personal data while simplifying the regulatory environment for international business.
If this sounds like a headache, the message from every informed corner is that this must not be approached as a burden, but an opportunity. Experts agree that the legislation is well-framed and is the right starting point for those looking to exploit data for commercial advantage.
Yet if there are practical steps to be taken around data – and there are – let’s begin with a different mindset by taking a step back, away from the legislation.
Data is proliferating everywhere we look, as the world goes mobile. All those devices – GPS-enabled 4G smartphones, cloud-synced tablets, trusty laptops, voice-controlled devices like Amazon’s Echo and the Internet of Things more widely – mean that everyone’s actions and movements and decisions are being tracked and measured like never before. The data being stockpiled is filling up data centres and storage area networks the world over.
The potential of all this data is exciting, but poses challenges for business too. For plenty of companies, this talked-about data utopia is a world away from the reality. Plenty of organisations are still struggling with old-school spreadsheets and flat-file databases and worrying about their customer and marketing files not complying with the letter of data protection laws.
But if that’s one reality, the inescapable point is that data is being collected dramatically quickly. It’s, therefore, crucial that growth-stage businesses keep up in the race with the data-savvy competition – and with the legislation.
What’s the best next step?
If we look beyond taking a checklist-driven approach, what’s the best way to think about data and its application?
Will Robertson is a partner in the commercial team of the law firm Osborne Clarke, and specialises in technology and privacy. He also used to work at Royal Mail with responsibility for figuring out the best ways to exploit data.
“These days as a commercial lawyer I work with retailers a lot and most already collect a lot of data with great potential to inform the running of the business,” says Robertson.
With the new law on the horizon, Robertson says the first challenge for a business is to understand its moral commitments to those whose data it is collecting.
“Transparency is at the heart of the process today. You need to be able to secure data, yes, but also to document it internally and deliver an audit trail.”
Robertson says the coming legislation is a help in this respect. It empowers those whose data has been collected to have control, but it also creates the right foundations for exploiting the data in powerful, trackable ways.
“People want and expect their data to be handled carefully and ethically, so businesses have the chance to ensure transparency and fairness while also exploiting data in new ways – and to get ahead of the competition, potentially.”
There is, Robertson insists, lots of scope in the new laws for companies to put data to work in new and exciting ways within the constraints of the law.
“Lots of insights can be gleaned from anonymised data, for example, that doesn’t even including personal identifiers. That’s one point. Another is that insight can also be gained from data that has been collected because of legitimate interests to do more for a customer. Many will assume consent is needed in all contexts but it’s not always the case, so long as care is being taken in just the right ways.”
There are still some risks
That’s not to say there aren’t still tangible risks for companies to navigate carefully in relation to data.
Arguably the biggest business challenge facing businesses with consumer and business customer data is the ability to protect and maintain their ability to market to customers. Just because a business is compliant does not mean that customers will opt in to receive marketing.
Companies need to consider, at a minimum, what percentage of current customers they can send a marketing email to today, and what proportion will still be available once opt-in is needed in more onerous ways. The difference could be substantial.
Data can be transformational
But despite this proviso in relation to customer data, the point is that the opportunities remain great.
“We are working on smart meter and energy consumption projects with utilities, for example, that have great potential for the businesses involved,” says Robertson. “Logistics is another area where analysis of the data can create transformational opportunities. The more we chat to clients about what’s possible and on what terms, the more the complexity and perceived blockages fall away.”
One recent project Osborne Clarke supported with a client saw the establishment of The Transition Pathway Initiative, a joint initiative between the national investing bodies of the Church of England and the Environment Agency Pension Fund. The aim of the JV is to track assets under management – and specifically to assess how oil and gas companies are preparing for the transition to a low-carbon economy.
“The venture uses data to evaluate and track the quality of companies’ management of their greenhouse gas emissions and of risks and opportunities related to the low-carbon transition,” says Robertson.
“It evaluates how companies’ future carbon performance compares to the international targets and national pledges made as part of the Paris Agreement – and it’s all data-driven, as you would imagine.”
The Curve takes flight
If that’s one example of the potential of data to carry forward new opportunities, another example is to be seen in a related space through the activities of The Curve to support improved energy management via businesses sharing intelligence on projects.
James Potten is among those working on the project and says it’s a great example of how data sharing and collaboration can deliver benefits and a step-change in working practices.
“The Curve is in its early stages but it aggregates data about energy projects that businesses submit – and everyone involved benefits from the collective insight that comes out. While it’s early days, there is data from nearly 1,000 projects already, with everyone involved motivated by enlightened self-interest.
“For large and small companies, the opportunity to be part of something bigger and to learn from being involved in an external big data project is a principle worth remembering in other contexts, too.”
There is a way to travel for each and every business on its data-learning journey, but the wider point to make is clear: don’t delay – get started now.