A business hoping to provide a good customer experience must deal with an increasing amount of personal data – from customers’ personal details, to how they want to be contacted.

With the new General Data Protection Regulation (GDPR), use of this data will become far more complicated. Businesses that don’t re-address their processes and approach to data handling in line with the regulation will be at risk of data breaches and, ultimately, financial penalties of €20 million, or 4% of global annual turnover – whichever is higher.

However, GDPR is much more than just a threat. PwC recently claimed that GDPR represents a significant opportunity to transform businesses’ approach to privacy and harness the value of data, all while preparing any business for the future of the digital economy. Organisations must see the new regulation as an opportunity to build solid relationships with its customers, based on trust, clear communication and transparency. By following the next four points, marketers can be confident that they are ready for not only GDPR, but any future changes to the law:

1. Make sure your customer understands how the regulation will affect them

Even before the GDPR is signed into law, communication will play a significant role in ensuring customers understand what the regulation will mean for them, and how the business will use their data. Failing to do this could mean a business is setting itself up for failure before the hard work has even begun.

Look at Sonos, for example. When it updated its speakers, the audio company began an email marketing campaign asking customers to acknowledge changes to its privacy statement. The statement outlined what information it collects, how the company uses this data, and the choices open to customers on how their data is used – with the result that customers weren’t surprised or upset by the changes. Although not directly linked to GDPR, this is a prime example of how businesses must use clear, plain language when informing customers about changes to data collection and handling. Failing to make citizens’ rights under GDPR clear could place a company in breach without ever losing any data.

2. Communicate with your customers in the way they want

One of the biggest changes under GDPR will be the new ‘consent’ clause. Consumers can adopt complete control over how companies process and use their personal data – meaning tick-box compliance will no longer do.

This means that, for instance, the next time a bank designs a marketing campaign advertising its new current account deals, it must assess which customers have given permission to be contacted, and over what channels. The use of a customer’s data in the right way, at the right time and with the right message, will go a long way in complying with the new regulations, while also keeping the consumer happy. For example, if the bank knows that customer’s preferred channels, they can combine that with other data to offer an account that is perfectly tailored to attract their interest. Communicating with customers in the right way has always been an important part of the customer experience; with the threat of fines hanging over them, businesses will find it more crucial than ever.

3. Remove barriers to sharing data

Knowing exactly how customers want to interact with the business is critical; but knowing how to store and use data is equally as important, when trying to both remain on the right side of the law and have a conversation with customers.

Previously, data has often been stored deep within departments and rarely shared. Take an energy company; when such a system was first implemented, there might have been little or no reason for Kelly in customer communications to know Jennifer from Blackburn’s browsing history. Since May 25, however, consumers will be able to edit, delete or share their own data on request. This won’t be possible if data is lost within company departments – meaning that if Jennifer wants to access and remove the energy company’s data on her, Kelly will need to know how to give her contact. To make this possible, all parts of the business must collaborate to ensure data flows freely across the company. This approach means everyone will be able to see exactly where each customer’s data is stored, no matter the department they work in. This isn’t merely a compliance requirement – the greater visibility the business has over customer data, the better it can understand its customers, and so the better the experience it can offer them.

4. Build in flexibility for the future

As data becomes increasingly precious to the consumer, it is inevitable that GDPR will just be the start of regulations designed to give citizens more power over and faith in the way their personal data is used. As a result, preparation for GDPR should be seen as the beginning of an ongoing process.

This approach means that flexibility needs to be key when adopting new processes and technology in line with GDPR. For instance, if consumers begin demanding new customer experiences from than their health insurance provider – such as using data from wearable devices to suggest lifestyle changes, or augmented reality (AR) to guide them through policy documents – will the insurer be able to seamlessly slot this into its existing processes? Similarly, if future legislation demands customer data is opened up even further, will the business be able to do this simply and cleanly – or will it entail a root-and-branch transformation of the organisation?

Again, these future changes can represent new opportunities as well as new challenges, but the business needs to ensure it is preparing for the future now and looking to build on its customer relationships.

It’s not all bad…

The creation of new regulation is a time of opportunity. Making the appropriate changes will ensure that not only can businesses comply with GDPR, but they can improve their relationship with the customer – built on clear communication and trust. Ultimately, organisations can ensure that, for their customers, GDPR can be the beginning of a beautiful friendship.