GDPR Investments for Compliance AND for Competitiveness

This article was originally published in Database Trends & Applications.

The deadline looms on the horizon. On May 25, 2018, the European Union will enact some of the most stringent data privacy regulations the world has ever seen. These regulations will impact thousands of companies around the world, not only EU-based organizations but any company that collects or processes personal data on EU residents. The General Data Protection Regulation (GDPR) recognizes the “fundamental right” of people to control what data is stored about them and how it is used.

GDPR Investments for Compliance AND for Competitiveness

Organizations must be ready for this date since the fines for non-compliance could be as high as 4% of annual revenue or $21 million, whichever is higher. To put this in perspective, small companies could go out of business with a $21 million fine, and for a company with revenue of $10 billion, the fine could be a staggering $400 million.

No organization with large datasets can sift through them manually to find personal data and judge its GDPR compliance. Companies need sophisticated technology to deal with their data effectively, enabling them to search, discover, and review. Most organizations find it challenging to quickly and accurately identify and find personal data.

Under GDPR guidelines, people can request to be informed about the data that organizations store about them and can demand rectification, erasure, or the restriction of how their data is used. They can also ask to receive their personal data in a common format that allows them to transfer it to another organization.

The impending deadline and the fear of painful fines put organizations under a great deal of pressure, such that they may forget about pursuing the potential business benefits of conformity measures. For example, the prospect of thousands or even millions of people demanding to know what data is stored about them may seem daunting. Since an organization is obliged to answer within 30 days, this might result in thousands of cases per day being handled by customer service.

On the other hand, many large enterprises with millions of individual customers—banks, wireless providers, etc.—need to provide a 360-degree view of a customer to their sales and service personnel—in seconds, not in a month. This is a business requirement independent of GDPR compliance. When customers contact the company, they expect the sales or service reps to know them and give them knowledgeable recommendations and advice.

One way of providing such a 360-degree customer view is using cognitive technologies that can ingest structured data from enterprise applications such as CRM and billing and unstructured data such as emails and other correspondence. Companies often have hundreds of such data sources. Cognitive capabilities, such as natural language processing and machine learning, are necessary to extract relevant information from structured and unstructured data: what kinds of contracts the organization has with customers; service and payment history; whether the latest exchanges were friendly or aggressive; suggestions from past experience with other customers to help solve the current customer’s problems; etc.

In a call center, operators need to get a complete picture of the person on the line within less than 2 seconds, according to industry standards. If a company has 20 million customers, more than 200 enterprise applications with customer data, and 10,000 call center agents, that is a daunting challenge—but a challenge that has been successfully overcome by companies.

ROI: BUSINESS BENEFITS—NOT JUST COMPLIANCE
Gartner estimates that European companies will each spend an average of 1.3 million euros to comply with GDPR personal data protection requirements while U.S. businesses are setting aside at least $1 million for GDPR readiness, with some assigning up to $10 million. What do they get for it, apart from avoiding fines?

Let us look at a concrete example of a wireless telecom company that implemented a 360-degree view strategy using cognitive technologies. The first objective of the project was reduction of average call handling time, increased customer satisfaction and loyalty, and increased up- and cross-selling. All these goals have been achieved, but there is another aspect to the project that offered massive savings: Call center employees now have a unique and intuitive user interface to access customer data.

They no longer need to understand some 30 enterprise applications they had to navigate before to access this data. This reduces the need for training from 30 days to 1 day. With 10,000 employees and a turnover rate that often approaches 50%, that means 5,000 x 29 workdays saved per year, i.e., 145,000 workdays or 29,000 person-weeks. ?The company can certainly offer a lot of customer service during that time! The overall ROI of the project would be approximately 60 million euros over ?3 years.

NEW PARADIGM: CUSTOMER SELF-SERVICE FOR INFORMATION RETRIEVAL
One of the 10 biggest banks in the world has implemented a similar project to provide a 360-degree view of customers to its customer-facing employees. Its objective from the outset was also to provide their customers a 360-degree view of their own dealings with the bank: accounts, share deposits, insurance contracts, etc. It is easy to extend this interface to answer the question, “What data does the company have on me?” In this way, the company improves its service to customers and fulfills its GDPR obligations without a single employee being involved.

GDPR is coming, but instead of seeing it only as a costly burden, organizations should view the regulation as an opportunity. By implementing advanced cognitive technologies to derive deep customer insights, organizations can ensure compliance while reaping the business benefits of greatly improved customer service that can have a tremendous impact on the bottom line.

+1Share on LinkedInShare on Twitter

GDPR Compliance: How Cognitive Search & Analytics Can Help

As anyone doing business in Europe probably knows, the European Parliament adopted the General Data Protection Regulation (GDPR) just over a year ago in the Spring of 2016.  The GDPR requires any company doing business in Europe to comply with strict new rules around protecting customer data.  This has already introduced cause for concern among corporate security teams, as the GDPR takes a broad view of what constitutes personally identifiable information (PII).  Companies will essentially need to provide the same level of protection for things like an individual’s IP address or cookie data as they do for name, address, and Social Security number.   (more…)

+1Share on LinkedInShare on Twitter