GDPR as a catalyst for change in thinking

Data privacy is high on the agenda of many companies as the GDPR is about to enter into force in the beginning of the coming year – which makes sense, in view of what they have to do to make their organization GDPR compliant. But the fact that all these companies are now required to reassess — and, where necessary adapt — their data privacy policy, also means that they are going to see things in a new light. This can only bring about a change of thinking – from must to can.

Thanks to the increasing technological possibilities, more and more companies are launching pilot projects to improve the service, cut costs and develop new business models by using data analysis techniques. Customer data and customer insight constitute the basis in many of these initiatives. Data privacy is an aspect that is nowadays included here pretty much as a standard, also because of the coverage of the GDPR on television and in the written press. Companies are taking a critical look at their data management and data governance policy and how they can get the most out of their data in a responsible manner in order to innovate. In this sense, the GDPR is a catalyst for corporate thinking.

Data portability

I think that data portability is a fine example in this case. Pursuant to the GDPR, a consumer has the right to transfer a database from Controller “A” to another Controller “B” without hindrance from the controller who is provided with the personal data. The data which are processed by A with the unequivocal consent of the party concerned or on the basis of an agreement between the party concerned and A are eligible for data portability to B. The party concerned is entitled to data portability where technically feasible. In plain terms, power will soon shift to consumers because they will be able to switch easier from one provider to the other.

This can constitute a real threat for CRM systems, whereby a new company can ‘buy’ the data of parties concerned easier through data portability. The initial controller loses the data and no longer has any legal processing justification. Some companies are however bound to see data portability as chance to focus on customer satisfaction even more. They will in the very least deal light-heartedly with the processing of customer data and actually use them to optimize their service.


I therefore see a change in thinking when it comes to transparency as well. Where companies used to be vague about the collection and processing of data, more and more of them are opting for full openness about which data they collect from their customers and why. Transparency is becoming an extra sales argument with which they distinguish

themselves from their competition, a means for gaining and retaining the trust, confidence and loyalty of customers. Clear communication on the matter can only be beneficial to your reputation.

It is important to realize that focusing on the GDPR is not a once-off exercise. The change in thinking must become rooted in the entire organization and constitute the starting point for all decisions taken. The GDPR is thus emerging as the fundamental principle for developing new services and business models, where the privacy of customers takes priority. I will have more to say on this issue in my subsequent blog.

This is Blog 2 from a series of three that Michiel Alkemade, general manager of Computer Profile Nederland, wrote on direct marketing and the GDPR. The previous blog  dealt with the rights and obligations of companies which engage in direct marketing. The next blog, which will appear shortly on Marketing online, deals with how the GDPR creates new opportunities.