How to turn GDPR into an opportunity, not a cost

It’s tempting to treat any new regulation as a bureaucratic overhead, a cost to be borne by the business with little upside beyond the avoidance of fines that come with non-compliance.

How to turn GDPR into an opportunity, not a cost

It’s tempting to treat any new regulation as a bureaucratic overhead, a cost to be borne by the business with little upside beyond the avoidance of fines that come with non-compliance.

Meet the author

Matt Cheung

CEO

It’s tempting to treat any new regulation as a bureaucratic overhead, a cost to be borne by the business with little upside beyond the avoidance of fines that come with non-compliance. It’s tempting, therefore, to approach the forthcoming EU General Data Protection Regulation (GDPR) as a piece of necessary but unwelcome red tape. Tempting but wrong.

GDPR, due to come into effect on 25 May 2018, should instead be managed as an opportunity to optimise the data-driven processes that underscore business success – data-driven processes like lead-to-cash (L2C).

The synergies between GDPR and L2C might not seem immediately obvious but they exist, nonetheless.

GDPR makes demands on the collection, storage and processing of personally identifiable information (PII). This not only encourages good practice; it is a prerequisite of success in today’s data-driven economy.

As a process, L2C maps the journey clients take as they make their way through the sales cycle. By definition, it is a process that crosses departmental boundaries and takes in the fundamentals of doing business from marketing and lead generation to lead nurturing, sales conversation, order processing, and invoice and collections. An efficient L2C process helps sales teams sell more – to both new and existing customers – and provides excellent customer service and customer experience which, in turn, builds brand loyalty.

According to analysis by the Aberdeen Group, getting L2C right can lead to larger deals, double proposal volumes and cut the average sales cycle by over 25 per cent.

In common with other data regulations and directives, GDPR requires that organisations capture only the personal information necessary to deliver its service. It requires, too, that an organisation knows precisely what it is processing, where that data is located and who inside the organisation has access to it. None of this should impose restrictions on your business – rather it provides discipline, a framework on which to map a data strategy. It means an organisation thinks only about the data points that matter and doesn’t harvest unnecessary information.

This approach also ensures that there is a sophisticated understanding of roles and responsibilities. Identifying only those across multiple departments that need to process or access information helps impose the right structure on sales, marketing and operations. And by applying a strict approach to permissions, an organisation takes redundancy out of the L2C process.

A combined GDPR-L2C approach stops compliance becoming an exercise that happens ‘in the corner’, divorced from other business activity and to the exclusion of most departmental heads. In project management terms, it moves GDPR off spreadsheets and into business mapping tools such as BusinessOptix. By rooting regulation and compliance in foundation process architecture and business operating systems, it becomes an asset that enhances an organisation’s ability to innovate while simultaneously speeding up execution.

Moreover, if regulation is embedded in foundation process architecture, the business can identify the impact compliance will have on processes today and plan for – and mitigate against – likely impact tomorrow.

Elsewhere, GDPR promises customers and clients – in either a business-to-consumer or a business-to-business context – the right of erasure and the data portability. In other words, customers and clients can ask for their information to be moved wholesale to a rival supplier or removed in its entirety.  Whether, the removal of data is good practice is a debate for another time. What is indisputable is the that data can only be moved or removed if it’s easily locatable and seamlessly integrated.

With synergies comes opportunity. Rather than a business cost with no revenue benefit, imposing process discipline to ensure GDPR compliance becomes an investment. It will result in an optimised L2C process, increasing revenues, reducing costs and improving customer experience. And not a single piece of red tape in sight.

You might also like