GDPR – From constraint to competitive edge

GDPR – From constraint to competitive edge

As a commercial airline once put it: ‘We fly safely and on time’. Which they clearly thought made for a compelling USP (Unique Selling Point) while at the same time offering competitive distinction. But does it really? Let’s be honest. Isn’t this the least anyone would normally expect from any airline? So how is it distinguishing?

Ever since the GDPR came into force, as of May 25 2018, we have seen numerous organisations making claims similar to that of the airline company quoted above, but now related to privacy. Distinguishing? Not at all. In the current day and age, the least customers are entitled to expect from any company is that their personal data will be properly treated, handled, collected, processed and stored.                    

In his research on leading companies and brands, Simon Sinek, in 2009, suggested  three levels of organisational and human operation:

  1. what they do (‘what’, the outer circle)
  2. how they do it (‘how’, the middle circle)
  3. why they do it (‘why’, the inner circle or core)

Sinek goes on to propose that the third question in particular, is the one typically receiving little attention by companies failing to achieve their full potential. In contrast, s successful businesses make the ‘why’ question their first priority. It is the starting point of everything they do: the mission they set themselves, the vision they embrace. From this, ‘what they do’ and ‘how they do it’ will follow as a natural result. To return to the airline quoted above, it limited itself to flying circuits in the outer circle. In the end, it failed to touch down safely, landing in bankruptcy.

GDPR: why, what, how?
With the GDPR now securely in force, many organisations are still wondering what they need to do to implement the new legislation. The ‘why’ question, once again, is all too often overlooked or, if asked at all, simply answered by saying ‘because we have to’, not by referring to an overall privacy mission and privacy vision.

A sincere answer to the ’why’ question is the fundament required to implement the GDPR as a distinguishing value engine. In other words, you start by addressing the ‘why’ question by setting up a privacy program, assigning people and resources and, based on a program-based approach, reviewing your business processes (‘how’). This, in turn, will point you to the organisational and technical measures needed to ensure GDPR compliance and, in the end, privacy accountability (‘what’).

Businesses employing a structured and planned approach to bring together legislation, ICT and organisation, without losing sight of their business objectives, will distinguish themselves from the competition. In doing so, implementing and ensuring compliance with the GDPR is not the end in itself, but driven by sincere consideration and commitment, thus permanently cementing privacy in the organisation’s DNA.

The GDPR offers you a unique opportunity to reposition your organisation in the commercial landscape. It allows you, not only to re-examine and improve your business processes, but, more importantly, to give your customers the confidence and certainty that processing their personal data is being handled correctly. By outside-in thinking and by answering the question why your customers’ privacy is so important to you, you create a Unique Buying Reason (UBR). You are not just preaching privacy from a USP mindset. And that is what sets you apart from the competition.

In other words, you move from USP to UBR. By showing sincere commitment in all your communications related to privacy and in your daily business practice. In the end, it is not the Data Protection Authority, nor your shareholders, but your customers who are the true judges of your performance as an organisation. It is the customer who rates the trust he has in you, who determines your revenue, your market share and your image. The choice is yours.

Willem Beunis DPO/CTPP

Leave a Reply

Close Menu