Privacy and security of customers’ private data have been major priorities for service providers for many years, but the topic has become increasingly sensitive due to:

  • Growing diversity of digital services resulting in the collection and use of ever more customer data.
  • New technologies and marketing applications supporting additional possible usages of the data.
  • Growing customer awareness and sensitivity around the protection of their private data.
  • Greater cybersecurity risks.

In that context, the EU’s recent publication of the GDPR (General Data Protection Regulation) further extends the privacy and security obligations of service providers. It is an enforceable regulation that places a number of strict requirements and liabilities on CSPs and their peers in other industries. These will have to be accommodated in companies’ processes and systems when the regulation takes full effect on May 25, 2018.

Implications for Service Providers

Obligations such as ‘the right to be forgotten’, data portability, privacy by design and by default, and pseudonymization, as well as the need for service providers to be able to materially prove their compliance with GDPR, will all have a significant impact on Service Providers’ customer engagement applications.

While the challenge exists for many industries, it will have a particular impact on Service Providers where, in spite of huge transformation efforts in the past years, customer data is still scattered across the many systems supporting channels, billing, CRM (customer relationship management) and BPM (business process management).

There are three specific areas where Service Providers must guarantee security and privacy:

  1. Collection of customer data, ensuring that there is no interference with other systems in this process
  2. Storage and management, providing the guarantee that sharing of selected data remains fully under customer control
  3. Protection against data breach attempts by external agents

Further, as Service Providers extend their footprint into the internet of everything (IoE) and digital services, they will collect and handle more and more diverse customer data. In some cases this data will be more sensitive, or at least sensitive in a different way, such as that related to insurance, banking or health digital services.

And what is at stake is significant, not just in terms of customer trust, but also financial liability – the regulation includes severe sanctions in cases of non-compliance, including fines up to €20 million or 4 percent of a company’s global annual revenues.

GDPR as a catalyst for customer centricity

Apart from setting new regulations and sanctions, the GDPR aims to empower the customer in the management of their personal data, driving behaviors that are totally in line with the customer-centric approach that our industry is actively pursuing.

Several items in the new regulation, such as explicit consent, right to be forgotten or data portability, are already considered key components of customer centricity.

Seeing GDPR compliance as an integral part of a wider opportunity around developing trust should encourage service providers to consider innovative solutions. QualyCloud created a specific Personal Data Hub (a personal space which can be both open and highly secured) within their architecture. This provides a single area in which customer data is handled and managed for both Service Providers and their digital services partners, providing regulatory compliance and giving confidence to customers.

QualyCloud’s Personal Data Hub opens the door to additional data monetization opportunities, e.g. in advertising (shifting from targeted advertising to customer-selected advertising) or analytics (processing customer-specific ‘small data’ at a lower cost than processing a huge volume of ‘big data’). Given the GDPR consent requirements, it is also a way to ensure greater customer engagement and enhance the KYC (Know Your Customer) process.