In 2006 Clive Humby, the architect of Tesco’s Clubcard loyalty scheme, coined the phrase “Data is the new oil”. He recognised the commercial advantage that smart businesses could enjoy by analysing the data it held on its customers, and responding to the intelligence it revealed about them.
At Shire we have increasingly come to appreciate the value and importance of our own customers’ data. Not just the basic contact, financial and trading information we possess but the insight into trends, patterns, purchasing behaviours and economic confidence it provides us with. This intrinsic value, compounded with the ever more frequent news of data breaches, hacking, loss and misuse, is making it a very hot topic not just across the leasing industry but in the wider business community generally.
GDPR for today’s world
There having been no substantial changes to data protection law in the UK since 1995, the General Data Protection Regulation (GDPR) is thought by many to be long overdue.
In those 20-plus years how and for what data is used, stored and shared has changed significantly. We live in a world now where businesses are globalised and trading has become essentially borderless. The popularity of social media, cloud storage, and secure file transfer of even very large files, means transmission is simple – as unfortunately is accidental loss and malicious broadcasting.
GDPR received formal adoption by the European Parliament in April 2016, making it likely to be directly applicable throughout member states from May 2018. All the indications are that, despite Brexit – as our withdrawal from the EU is unlikely to be complete by then – this will still come into force in the UK. And, even after that, chances are that the UK will be keen to harmonise its own data protection with our European cousins.
GDPR – the impact
Like oil, data runs through our organisation. Gone are the days when siloes and pockets of information existed in manual and written form. Our legal, IT and marketing teams are braced, but essentially ready, for the impact GDPR is likely to have. Operations, sales and administration – all of whom input and rely on the data too – have embraced and appreciate just how critical the right attitude and processes will be to keep us “watertight”.
As a board, we recognise the seriousness of any potential breach of the new rules. Severe penalties are one thing, but the loss of credibility and damage to reputation would wound us even more. It has made us re-think not just our own procedures, but those of our suppliers who we entrust with this precious commodity. Those we engage with for document management and shredding, marketing and design, our printer, recruitment agency, even the cleaning and facilities management people.
So every aspect of our data management from collecting, handling, gaining consent, through processing, storing and fully documenting any breach or suspected breach remains under the microscope.
Data is binary, customers aren’t
Many organisations have focused on how onerous the GDPR will be. There are cries of over-regulation and complaints about its impact on resources. But we broadly welcome it. It’s about trust and “playing nicely”, and being squeaky clean makes us above reproach. The greater challenge, and it’s not one that can be legislated for, is ensuring that we see beyond the data. To remember that those bits and bytes are individuals – organisations and people with unique needs, requirements, plans, personalities and traits. Customers that pay our wages and keep us trading, not simply data records to be interrogated and analysed.