5 Key Business Lessons From GDPR

With so much focus on the detail of GDPR, let’s take some time to look at the business lessons from this external change. Whatever the size of your business, the world around you changes, and you need to be able to adapt. Regulation is just one of those key drivers of external change. So, to help us reflect on the business lessons from preparing for GDPR, I’m delighted to welcome back guest blogger William Buist. William mentors and advises business leaders, helping them get greater clarity. So, he is well-placed to lead us through this business-focused review. Over to William to draw out those lessons… Business lessons from GDPR readiness, or not GDPR was on the back-burner, for many businesses, for sometime. At least until recently. But, in the last few weeks, we have seen our in-boxes bulging, with businesses seeking to obtain the approval  they need for their marketing lists. It’s been interesting to watch the different ways in which businesses have approached this. It’s the same set of instructions and requirements from the Information Commissioners Office (ICO). They are not all compliant, but many are. Most lack subtlety, almost all miss some aspects of the reason these regulations are being developed. That’s a symptom of confusion, and it is absolutely normal. I’m not going to rehash the detail of the GDPR (we’ve all had enough of that by now!) I thought it would be interesting to consider what the general learning is, about external change. Learning that businesses can draw from the exercise of becoming compliant with the GDPR. I think there are five key lessons. 1. However early you start, it’s probably too late to do a perfect job Almost by definition, external change pops up only when it’s easy to spot. People are talking about it, and you wonder why you hadn’t heard. By the time you catch up with what is happening, the deadlines seem close. The best thing to do, is to keep your ear to the ground. Your network is probably whispering, about a couple of things, that will affect you in 2019 or 2020 already. If you can spot which ones you need to take action about now, you can be ready and relaxed. (Hint: if you use associates or contractors, take a look at upcoming IR35 changes). Be visionary. See also: What GDPR Means for Insurance Companies   2. You are aiming for a moving target Most external changes, like GDPR, are evolving. They continue to evolve for some time, after the ‘deadlines’, as working practices embed & difficulties are ironed-out. Businesses that thrive, look for the intention behind the change, and think strategically, about how to deliver that intention. Rather than thinking tactically, about the current need. Spend time identifying what your relationship, with the intention of the change will be. How you will express it, embrace it, and champion it? Be agile. 3. There are no experts about the impact on your business, and there may be no experts at all External changes aren’t driven with your business in mind. Nobody has enough experience to be an expert. They are just more, or less, knowledgeable than you are about this change; but always less knowledgeable about your business. Check what other say, seek evidence. One example: “privacy policy” is not mentioned in either of the relevant legal frameworks. Neither the Data Protection Bill, nor the GDPR regulations. Now, I’m of the opinion that a privacy policy/notice may be a sensible way to evidence your policy and processes. But it will not, and cannot, of itself, make you compliant. Rather than experts in the thing that is changing, seek out the experts in the work that you need to do. Hire the best implementors and strategists, before your competitors do. Be adaptive. 4. In the long-term, you will wonder how you managed today External change, that affects all businesses (like the introduction of email, or GDPR) can seem like an imposition. Something to be resisted, but ultimately, advantageous. It’s hard to imagine doing business, with a typing pool and snail mail, yet for many years that was the best we had. GDPR will change the way that businesses do their marketing. The better targeting and stronger trust(*), that will arise in the long-term, will seem like a norm that will make today feel antiquated, even ‘quaint’. (*) The P in GDPR is important. Protecting the data of the people you work with, using it responsibly, and sensibly (and being seen to do so) is how trust develops & thrives. That will take time, and it has to be authentic. Be trustworthy. 5. Just because you can’t see the opportunities, doesn’t mean they aren’t there The world will be different, after all that’s what significant change does. In a different world, opportunities are also different, and far less visible, at least until you ‘get your eye in‘. The best businesses scan the horizon, for things that they can use today, to deliver a better business tomorrow (than it was yesterday). It’s worth spending strategic time, to identify what opportunities might exist, in this new world, and how they might be made visible. The best do this habitually. Habits form from regularity. By making these things conscious, you make it more likely you can see the opportunities, than less. Be pragmatic. GDPR may have (just) been about data, and its protection. But it teaches us all to be visionary, agile, adaptive, trustworthy and pragmatic. See also: How to Avoid Being Bit by GDPR (Part 1)