Company

GDPR promotes customer centricity - Interview with Jörg Hagen (Part 2)

Photo: iStockphoto

26.07.2018

Mr Hagen, some companies see the General Data Protection Regulation as a brake on digital transformation. Do you share this view?

Well, that's a scenario I don't share. I think there is a lot of fear and uncertainty involved in such views. What am I allowed to do and what am I no longer allowed to do? I see the GDPR as a benefit for "customer centricity" - we live in the age of the customer. Customers only want to receive advertising and offers that are relevant to them and that they really want. Being bombarded with advertising, content or service offers that completely ignore their own needs and interests only arouses resistance. Adblockers are just one consequence of this. This is an appeal from the recipients to the senders to please make more effort with customised communication.

So does the GDPR offer companies new opportunities?

Yes, most certainly. Instead, companies now have the task of configuring offers better and in a more needs-orientated way, while respecting the customer's wishes. The customer is the sovereign who voluntarily and with their express consent provides them with the necessary data for the creation of personas. The customer benefit of the data protection regulation lies precisely in the fact that consumers are becoming more aware of where and with which apps and buttons they leave data traces. In other words, responsible handling of data on both the company and customer (i.e. user) side.

The customer benefit of the Data Protection Regulation lies precisely in the fact that consumers are becoming more aware of where and with which apps and buttons they leave data traces.

So why hasthe added value of the Data Protection Regulation received so little attention?

I think this is primarily due to the "German over-precision" and legal interpretation of the GDPR. We want to do better in Germany than US companies and authorities, for example, who have their own way of handling personal data. What's more, there are already cases of warnings and threats of fines being launched by lawyers - so it's easy to get bitten by the fact that there is no reference to the use of Google Fonts. However, the GDPR is not the exclusive domain of specialist lawyers: it is a topic that should be addressed by management boards in the context of customer-centric strategies. Implementing data protection and data security is then a matter of pure craftsmanship and the task of IT, marketing and data protection officers. Basically, it is about a few adjusting screws in the interactive process that guarantee the objectives of data protection.

Photo: Steinbeis Papier

And what are the core objectives of the new data protection?

In no way is it about treating customers like a "raw egg" or turning "data handling" into a legal lecture. The customer's empowerment is confirmed more clearly than before: "You alone decide what happens to your data. We guarantee you confidentiality and that your data will only be used by authorised persons. We also guarantee you integrity - the integrity of your data and protection against manipulation. When we use your data, we do so for your benefit and in your interest." The GDPR is the firewall that utilises the personal sphere of users in their interaction with companies in the sense of confidentiality and integrity during the data transfer that takes place online millions of times a day.

The GDPR is the firewall that utilises the personal sphere of users in their interaction with companies in the sense of confidentiality and integrity when transferring data, which takes place millions of times online every day.

So the customer and company conclude a kind of "data usage rights agreement"?

That's right. It is data democracy, the right of co-determination called "informational self-determination". This form of legitimised data culture also creates competitive advantages. It shows good style and seriousness. Values that consumers appreciate. The interest is mutual: the customer wants precise offers and relevant services, the company wants to deliver exactly that and needs the relevant information to do so. So the two make a legally clean compliance deal. Supported by smart processes.

What do you mean by smart data protection processes?

It should be user-friendly and also a customer experience. Customer success is what you call it in marketing. In other words, simplify and consider where consent is best given, at the beginning or end of the communication chain and when the right information about data processing is provided. I also don't have to constantly ask the customer for permission for the same process, just once is enough.

n Content and rights. Customers have the right to clarity regarding the collection, storage and use of their data. They are also entitled to a proactive explanation of their data protection rights - when, where and how they can object, how they can exercise their right of cancellation and in what form they can obtain information. It almost sounds like a criminal offence, but we are dealing with a "permission requirement" for data processing. The customer must expressly authorise the data processing or be legitimised by law.

Data security in offices. What can you tell us about this?

There are encryption technologies and high standards for the IT-based processing and transfer of data. Password-protected computers and the locking of PCs during absence from the workplace are a must. Documents and files must be locked away. Data-sensitive processes may only be processed by authorised employees. The categories of data collection and utilisation must be recorded. Furthermore, data protection-compliant regulations should be established for the scope of private use of e-mails and the Internet, the use of business IT systems or for private purposes. The use of private data carriers and devices in the company network should also be prohibited.

Recycled papers with low whiteness offer particularly good opacity. Even when packaged in standard envelopes, nothing shines through.

Let's talk briefly about document security and data transfer via letter post. Does data protection provide for innovations here?

Not really. The secrecy of correspondence is a fundamental constitutional right. The postal services must ensure that it is observed in processing and delivery. For insurance companies, however, data security must be guaranteed in the form of opacity in letter post. Under no circumstances should the contents of confidential documents be allowed to show through when the letters are held up to the light. Recycled papers with low whiteness offer particularly good opacity. Even when packaged in standard envelopes, nothing shines through. Data security in offices and administrations also means shredding. Documents that are no longer needed and data-sensitive documents belong in the shredder, which in turn provides a raw material for the recycled paper industry.

Mr Hagen, thank you for the interview.

 

You can find the first part of the interview here.

 

Cover photo: iStockphoto

Veronika Warmers

Responsible for marketing, social media and e-business at Steinbeis Papier. Circular economy, recycling and biodiversity are the topics close to the heart of the graduate business economist. Enthusiastic blogger for the Steinbeis editorial team.

Posts by Veronika Warmers

About the Steinbeis Papier company
Altpapieraufbereitung

For production
Wald

To the sustainability calculator
Druck- Kopierpapiersortiment

To the shop
Leider verwenden Sie einen veralteten Browser.
×
Unser Internetauftritt wurde auf Basis zeitgemäßer und sicherer Technologien entwickelt. Daher kann es bei der Nutzung eines veralteten Browsers zu Problemen bei der Darstellung und den Funktionalitäten kommen. Wir empfehlen Ihnen, einen anderen aktuellen und kostenlosen Browser zu nutzen:
Mozilla Firefox
Google Chrome
Microsoft Edge