The value exchange

Insights mustn’t be put before individuals

In the competitive pursuit for insight, organizations continue to collect and store increasing amounts of data – analysing large quantities of personal data, including preferences, purchases, donation history, sports performance and even sensitive matters such as their health. Yet, as they quickly process huge quantities, with the help of increasingly advanced technologies, many organizations are overlooking the most important aspect of the process – the owner of this highly valued data is the individual.

As well as becoming increasingly critical of how their data are stored and used, individuals are also starting to recognize that while organizations gain crucial information and important insight from their personal data, they receive nothing in return. The value exchange is one-sided. This imbalance is now being recognized. Soon, tough new legislation will come into play – forcing organizations to recognize the rights of the individual and to place control of data firmly back in the hands of the individual.

Introducing the GDPR

In May 2018, the EU General Data Protection Regulation (GDPR) will require all organizations to become compliant with new regulations on data collection and use – regulations that are retrospective to existing data – aligning the purpose and explicit consent as appropriate.

Organizations will need to answer the following questions from individuals concerning the transparency of their personal data:

What data have been collected?

These new data regulations are driving imminent organizational change – where consent is used as the lawful reason for processing data. The individual will have the right to know exactly what data are stored, who has access to it and what is being done with it. In addition they have the right to remove their permissions and even be forgotten, that is, removed from all systems altogether. Ultimately, the individual will be in control of who has access to their data. They will be able to give consent in one area; deny use in another. They can be assured that if their data are broadly used, it can be anonymized.

The ‘right to be forgotten’ has a small but consistently positive impact on the willingness to share, increasing it by 10% to 18%. ²

With GDPR requiring an organization to keep detailed records on the data being collected, those that hold personally identifiable information (PII) will have to explain why they collect the data they do, what lawful reason they are using to process the data (e.g. legitimate interests, consent), who has access, when it was captured, where, and what they do with it. No easy feat, and one that many companies are not currently equipped to complete.

Furthermore, the new ‘right to be forgotten’ that GDPR provides requires complete removal of an individual’s details by the organization – not just in one system or in one department but in every place where data are stored or used. A process that will be potentially complex and highly involved for many organizations.

90% of businesses think it will be hard for them to delete customer data if they receive a request. ³

Getting ready to rebuild trust

The main problem many organizations face is that few are currently technically capable to meet these new regulatory data obligations – because the technology, systems and processes do not exist, are not connected, sit remotely in silos or are incompatible. Currently, unless organizations are willing to embrace real technological change, the request to provide the individual with control of their data is unachievable.

Yet the reality many organizations are facing, is one where the rebuilding of trust in the relationship between company and individual, is crucial to business. If the situation of mistrust and the imbalance within the exchange of value is not tackled immediately, more individuals will simply refuse to allow an organization to use their personal data. They will decide they no longer want to engage with organizations – and will withdraw their consent. For any organization this could prove highly detrimental to their future income and competitive advantage.

Organizations need people

In addressing individuals’ scepticism, realigning relationships to rebuild or strengthen trust should be the primary driver and the priority outcome for organizations.

There are many documented reports supporting the individuals’ rights to privacy, trust and protection. From the Caldicott report in the health sector, to the World Economic Forum, who state, ‘An information differential exists between institutions and individuals, creating a crisis of trust that results from uses of data being inconsistent with user expectations and preferences’.

OPEN IN VIEWER

Trust, transparency, privacy and security

There are three core areas organizations must address if they want to maintain their market share and strengthen engagement with the individuals whose data they hold.

Trust

It is not difficult to see why individuals find it hard to trust organizations with their personal data. They are inundated with nuisance phone calls. They are constantly approached by unknown organizations. Plus, they are asked for excessive information whenever they subscribe, donate or purchase online, and recently in person. Each engagement presents confusing opt-in or opt-out choices along with lengthy terms and conditions – which usually go unread. All this amounts to trust being continuously eroded.

Perceived violation of privacy: 67% of organisations, companies and agencies ask for too much personal information online. ⁴

Contradicting this entirely, when posting on social media platforms individuals freely share vast quantities of information every day. They exchange this readily, often without realizing that their purchasing habits and online activities could be tracked along with more covert monitoring, for example, location and contact lists. The introduction of new, smart connected products and services mean that detailed information about the individual is constantly being collected. Yet, gradually, individuals are starting to become more aware about the ‘Big Brother’ watching them on social media and what their rights are.

OPEN IN VIEWER

Percentage of people who realize what details they’re sharing ⁵ :

Transparency

Lack of transparency is one of the main causes individuals are increasingly mistrusting organizations. The news frequently contains examples of organizations that have used, shared or exchanged personal data – sometimes because of oversight but often intentionally. Irrespective of this, this practice has led to significant scrutiny from the International Commissioners’ Office (ICO). Equally, the sharing of information between WhatsApp and Facebook ⁶ caused an enormous public outcry with the regulator having to step in to prevent data sharing between the two organizations.

Elizabeth Denham, UK Information Commissioner, says on this matter,

I had concerns that consumers weren’t being properly protected, and it’s fair to say the enquiries my team have made haven’t changed that view. I don’t think users have been given enough information about what Facebook plans to do with their information, and I don’t think WhatsApp has got valid consent from users to share the information. I also believe users should be given ongoing control over how their information is used, not just a 30 day window.

Privacy and security

Security of data is of tremendous concern for individuals and could prove to be a killer blow for organizational or brand trust. Whether it’s in the form of security breaches, with credit card details being stolen or incidents of lost records, organizations are under fire for not keeping data secure. Issues around information security have also raised awareness of the value of data.

71% of people said that they were concerned about their information being protected from loss or theft. ⁷

Two-thirds of the potential value generation – or €440 billion in 2020 alone – is at risk if stakeholders fail to establish a trusted flow of personal data. ⁸

Data currency – readdressing the imbalance

For too long now, organizations have only viewed individuals in terms of the data they can provide. With, in some instances, individuals’ data being misappropriated and misused, individuals are increasingly finding themselves wary of sharing their personal information, demonstrating an increased scepticism about the use, and sometimes misuse, of their data. Alongside this, a significant proportion start to question what they are getting back in return for their data. While individuals’ awareness of the value of their data might have been historically low, this is rapidly changing. If data are such a valuable commodity, many individuals are asking, why aren’t they benefiting from it? Gradually, they are waking up to the power of their data. Hence, the response for organizations needs to be urgently addressed – a response which can only be met with a real change in many companies’ approach to data currency – if they are to genuinely offset an individual’s resistance to sharing, or even withdrawal of, their personal information.

While it’s unlikely that the worst case scenario of wholesale withdrawal of consent will happen, it comes as no surprise that a large proportion of individuals are starting to look for improvements in their relationships with organizations. This includes a demand for their data to be used effectively – in ways to benefit them and society as a whole.

Consequently, as more individuals recognize their personal information is valuable, and seek better, transparent relationships, they will also become more selective about where they share it and for what purpose.

Delivering shared value

With more individuals recognizing the value of their personal data, and some feeling uneasy about the one-sided benefit in favour of organizations, it is time to change perspective on how value is shared. For organizations, there is a strong case for regaining trust, not only from consent, but by transparently showing an understanding of the value of individuals’ data. Ultimately, strengthening trust through the building of a new kind of relationship. Creating a relationship between organizations and individuals based on equal benefit, delivering shared value to the individual, the organization and to society as a whole.

Companies must take the lead in bringing business and society back together. The recognition is there among sophisticated business and thought leaders, and promising elements of a new model are emerging. ⁹

The value of data

We see how data are altering the way decisions are made, not only within organizations, but by the individual. Due to the sheer quantity and value of data, the Personal Information Market Services is a burgeoning industry. Ctrl-Shift ¹⁰ found the market to be worth £16.5 billion in 2014, making up 1.2% of the UK economy. This is a greater percentage than either automotive (0.7%) or the pharmaceutical industries (0.97%).

Consumers consider the cumulative value of a common set of their personal data to be worth approximately £140, a figure businesses need to bear in mind when balancing the use of personal data and supplying services in return. However, consumers place a higher value on their data when sharing it with a company they are unfamiliar with – rising to nearly £200 for the full set of data commonly shared online. ¹¹

Value for organizations

According to Accenture, ¹² there are chief advantages to be gained from the ability to deliver better customer experiences (77% of respondents), including, most importantly, entry to new markets and insight that drives product innovation (52%).

Of course, there is a lot more value that can be extracted from data but only with the consent from individuals. Because individuals now recognize the value of their data, they want to know what it is being used for and the added value that they will gain. With the right technologies, gaining consent will lead to more informed insights, which can only help advance product and services strategies, marketing, financial forecasts and all manner of decision making and planning. But only if the data are available and consented.

72% of consumers agreed that data sharing is part of the modern economy.

81% of consumers believe the data is theirs to exchange for value.

But only 7% believe they get the most benefit from the exchange, while 80% think the brand gets the most benefit.DMA. ¹³ Data privacy: What the consumer really thinks, 2015.

Value for individuals

With individuals waking up to the fact that their personal data have value, the question is: What added value are the organizations providing?

We can point to greater choice, increased convenience, higher discounts and a more personalized experience. But while this makes the experience more enjoyable and satisfies consumer needs and desires, it does not necessarily equate to real and sustainable value. Not for the individual. And usually, not for society. It means the challenges facing leaders today regarding accountability are essentially the same as 30 years ago.

How can we ensure data protection while enabling the personal and societal benefits that come from its use. ¹⁴

While we might think that value equates purely to financial gain or reward, that is not the only driver for individuals. Yes, they will be looking for what benefits them directly, like improved products and services, but it’s also been found they are concerned about whether their personal data have added benefit to the society as a whole. If organizations can demonstrate how the use of data can improve services or outcomes, fulfilling a broader societal need, individuals will be more willing to share their personal information.

The most important takeaway from this study’s research is this: Consumers want to share their data – if the benefits and the privacy controls are right. ¹⁵

The digital identity

The Boston Consulting Group paper entitled, ‘The Value of Your Digital Identity’, advises that ‘in an increasingly digital society, personal data has become a new form of currency. The biggest challenge for political and business leaders is to establish the trust that enables that currency to keep flowing’. They describe the digital identity as the sum of all available information about an individual which is held digitally.

Right now, the digital identity is more complete and traceable than ever before. The exponential growth in available data and big data capabilities to process and analyse it, drives organizations to gain better understanding of the needs and wants of their market. While, as we have seen, individuals’ concerns centre on issues of privacy and control over their personal data, organizations are concerned that making mistakes could cost them customer and supporter trust.

Alongside any commercial drivers, there are also the new regulatory factors and compliance to consider. Currently, organizations have industry regulators, ombudsmen and the Data Protection Act (PDA) to conform to. But once the GDPR comes into place, this will override the DPA, adding more levels of complexity to the everyday gathering of individuals’ personal data.

Increased regulation and higher awareness when data are misused, such as high profile fines over lack of transparency, might lead to some organizations to try to circumvent legislation. However, this will provoke more stringent regulations. Now is the time for organizations to prepare thoroughly for GDPR. Start as they mean to go on and trust will be regained.

If systems and processes are in place to fulfil the new rights of the individual, as set out by the GDPR, there are positive impacts on the individuals’ reaction to organizations. As we’ve seen, it keeps coming back to trust – and to strengthen trust, the individual needs to know their data are held safely and securely. They require data to be exchanged consensually, with both individuals and organizations reaping the benefit. Indeed, far from an obstacle, the introduction of GDPR could present a real and exciting opportunity. An opportunity to:

Redefining the relationship between individuals and organizations, where there is mutual value exchange and respect, will cement a long-term trust that will in turn unlock data disclosure. It’s why it’s down to the organizations to take the lead in bringing business and society back together.