There are now less than three months left until the EU General Data Protection Regulation (GDPR) comes into force. Although it seems like we’ve been talking about this new legislation for a long time, companies in every sector have been slow to react, with almost a third of small UK manufacturers not even beginning GDPR preparations.
If you haven’t already, the time to start your GDPR program is now, so this blog examines the implications of GDPR for manufacturing and what you should do first.
The new data protection regulation comes into full force in May 28, 2018 and covers the personal data of any EU resident. Any company that has employees, suppliers or customers in Europe must comply with the regulation. Any company that processes data from Europe – say a US marketing department creating personalized communications for a global product launch – will also need to comply with the regulation.
The penalties for non-compliance are fierce. A company can be fined €20 million or 4% of annual turnover whichever is greater. The obligations are stringent. A company must know exactly what data they have, where it is, why they have it and what it is used for. It appears that very few manufacturers can meet those requirements. According to a YouGov poll of 300 UK manufacturing businesses, only three in every 10 firms have started preparing for GDPR even though almost 20% said that the maximum fine would put them out of business.
I don’t want to go into too much detail about the legislation here – we’ve created an excellent GDPR microsite where you can find out everything you need to know – but take a look at some of its effects on manufacturing.
GDPR in manufacturing: Another data challenge?
As you get better at handling Big Data, GDPR in manufacturing raises another data management challenge. This time it’s about personal data. Any company that has employees, suppliers or customers in Europe must comply with the regulation. Any manufacturing company that ships or sells directly to customers, employs staff in Europe, has suppliers or trading partners in Europe or uses personalized and targeted marketing to European prospects will need to comply with GDPR.
The new legislation, in effect, shifts the rights to manage personal data from the organization that holds the data to the person themselves. The individual has many new rights, including the right to know exactly what information a company has on them – including cookies and IP addresses – and the ‘right to be forgotten’ where the company must quickly remove all data from their systems.
The regulation requires you to know everything about the data you have on your customers, your employees and your trading partners. You must ensure that you only have personal data for legitimate reasons and that the individual has given you clear consent for you to use their data in that way.
While this is most certainly a challenge for every organization – but especially large manufacturers who have been collecting and storing data for many years – it is also an opportunity to gain greater (and granular) control of the data within your organization. By understanding where and how you use all the data within your organization, you build a foundation to gain more value from that data.
Let me explain.
GDPR: Threat or opportunity?
GDPR in manufacturing can be seen as a potential threat to innovation. As companies move from mass production to customization, they have to be able to exploit the personal data of customers in order to tailor products and services based on their behaviours and preferences. The regulation appears to make this more difficult by apparently restricting the organization’s use of the personal data they have.
However, things are not quite what they seem. Time and again, research shows that customers want more personalized service but aren’t willing to provide their personal details to get them. Research from Accenture points to the reason why. They found that almost three quarters of global customers believe that some of the companies they deal with simply can’t be trusted with their data. 58% say that companies can earn their trust by being more transparent about how they use their customer’s data.
If you look at it that way, GDPR in manufacturing provides a framework for building trust with customers and employees that will allow you to redefine the relationship you have with them. GDPR doesn’t stop you from working with personal data. It requires that you and the individual agree on how that data can be used. If you work to gain the proper consent and are able to transparently demonstrate that you are using the data properly, customers will be far more willing to consent to their data being used to continually improve and personalize the services you deliver.
That’s an essential step, for me, if manufacturing is to move from an era of mass production to an era of mass customization.
Where to start with GDPR in manufacturing
There is only one place you can start and that’s fully understanding what personal data you have, where it’s stored and how it’s used. Only once you have a clear picture of the data you have, can you deliver the system and process changes you need to comply with GPDR. OpenText™ has created GDPR Discovery and Analysis Services to help organizations get to grips with their personal data.
We’ll be covering GDPR in manufacturing during our Innovation Tour in March and April and at Enterprise World in July. In the meantime, if you’d like to know more about GDPR complete our short contact form and we’ll be happy to start the conversation.