The GDPR paradox: how data regulation creates revenue streams

The global installation base for home smart speakers is predicted to grow to 225 million by 2020. The much-vaunted 5G telecoms rollout promises leaps in Internet of Things and smart city innovation. Wearable fitness technology increasingly goes beyond step counting and heart rate monitoring to provide deep insights into our health.

As the huge data sets that companies can now leverage become ever more integrated into consumer-facing products – and as the hype dies down following last May’s General Data Protection Regulation deadline – one could be forgiven for expecting data regulation compliance efforts to be low on the list of priorities for 2019. As the GDPR, like the cookie notice, becomes an accepted part of everyday life, surely our collective attention will turn back to shiny innovation?

More than compliance

In fact, the journey towards compliance is only just beginning. This is partly because few were ready for the GDPR when it came into force. On one side, businesses were not prepared: as of last May over 80% of organisations had not yet completed basic data discovery exercises to assess the scale of the task. On the other side, the regulation could not yet be suitably enforced: 17 of 24 European Data Privacy Authorities did not have the powers or funding to enforce GDPR when it came into effect.

GDPR data protection

However, as organisations progress towards data regulation compliance in 2019 they will find that there is more at stake than avoiding fines and reputational damage. While these risks are very real, they mask the potential opportunities within companies’ data.For example, businesses often have vast amounts of data stored in silos which are disconnected and difficult to reach, or have databases with significant amounts of redundant, obsolete, and trivial data (ROT). The necessary data discovery exercise which must precede the development of data regulation compliant systems is also an opportunity to bring disparate data silos together, while the GDPR directly necessitates the elimination of ROT. As they move towards cloud-based data management, companies are finding that this exercise also simplifies and minimises the data they need to store, leading to faster migration and reduced storage costs.

Similar efficiency savings, following an upfront investment cost in compliance, can be seen in the reduction of man-hours needed to complete data discovery tasks, such as freedom of information requests. They can also lead to a reduction in cyber insurance premiums, due to the potential for more thorough risk assessments.
GDPR’s competitive advantage

GDPR compliance = competitive edge

So data regulation compliance might inadvertently lower overheads, but what about the other side of the balance book: how can it possibly raise revenue? While the GDPR has historically been a slow train – in the process of arriving ever since the launch of the GDP Directive in 1995 – it finally pulled into the station at an opportune moment, just as consumer awareness of data privacy issues peaked due to a series of major, well-publicised data breaches. In this context, being able to claim GDPR compliance, as a well understood public marker of data safety, provides a competitive advantage.

In a business to business context, companies are also coming to realise that data processing, as something in universal demand, is also a saleable commodity. Acquiring the technology required to manage the full data life cycle – from on-boarding, through access management to final cleansing – can entail a significant investment of time and money. At the same time, products generally sold on a one-time payment basis, such as OEM parts, will often have their own data life cycle as they collect and utilise user data.

As such, offering to manage the data life cycle of manufactured products can be a value-added proposition which generates continued revenue on top of what would typically be a one-off exchange. Major organisations which operate as a hub for many smaller businesses, such as airports and local authorities, can also directly offer privacy-processing-as-a-service to the companies they support.

Paradoxically, then, the seemingly punitive GDPR, which promises major fines and huge reputational damage as a consequence of non-compliance, does not simply constitute an additional cost burden which threatens to limit revenues. Rather, those companies which adopt data regulation procedures quickly and efficiently will be the first to reap the rewards of greater operational efficiency and, ultimately, new revenue streams from data and data processing. In 2019, expect to see a shift in thinking around data and privacy.

 

Sources and credits: David Kemp, Business Strategist, Secure Content Management at Micro Focus