Along with General Data Protection Regulation (GDPR) consumers and citizens are getting increased rights to control and manage their personal data. This is one of the main targets of the new regulation: The EU-wide regulation should help European business to boom, but as importantly the control and therefore the responsibility of personal data is returned to data subjects i.e. consumers and citizens.
During the past years, we have treated our personal data quite carelessly. It’s been easy to just type in your name or email address to get a new, appealing mobile app or to read an interesting article on a news website, without paying too much attention on how and where your personal data is being used. We are accustomed that organizations ask our consent for multiple reasons: cookies, site terms and so on. Often, we just click “I agree” button, without much thinking. We are too busy to read the boring, long and incomprehensive legal texts in site terms and privacy policy pages hardly ever stopping to think what we’ve just agreed to.
In the future, things are hopefully changing. GDPR requires that the organizations collecting and using personal data provide information about the data processing in an easily accessible, understandable and clear manner. In case the lawful basis for data processing is consent, it should be freely given, specific, informed and unambiguous indication of data subject’s agreement on the processing of his/her personal data.
It’s interesting to see whether the data subjects’ increased rights and a better grasp over personal data leads to empowerment of individuals as consumers and citizens. Is the awareness spreading faster than organizations can adjust their services and processes to follow the new regulations? Or do we become aware of the new rights only as we enter a name in a web form and suddenly a pop-up window appears telling us shortly and precisely for what reason the information is collected and processed, and what are our rights concerning it. The GDPR principle of transparency ensures that whatever the legal basis for personal data processing, the data controller is obligated to inform the data subject of the purpose the data is being used. WP 29 working party (an advisory body made up of a representative from the data protection authority of each EU Member State), has published a practical guidance and interpretative assistance on the transparency principle.
Many experts claim that along with the GDPR, trust towards service providers becomes ever more important business advantage. Customers expect that their personal data is handled appropriately and is not used for any other purposes than informed.
How should you start building the trust?
The first step is to put the transparency principle into practice and secondly to develop the customer experience to ensure that your customer feels secure and confident when interacting with you. The key elements in building the trust depend on your customer segments and individuals. Therefore, it is utterly important to understand your own customers and end-users: what are the meaningful elements for them that are building trust on your organization as a service provider?
Trust can consist of many different elements: smoothness of the service, expertise of the customer service personnel, usability of a digital service and the transparency of customer communication.
It’s essential to find out the most meaningful and important things for your customers in those moments when their personal data is requested and handled. What are the critical points on their customer journey? In addition, you should plan how to execute the transparency principle in your service in practice. In other words, plan how you make sure that your customers really understand why their personal data is needed and for what purpose it is requested and processed.
These topics can be addressed and answered with service design methods. Customer understanding, user-centric design and prototyping help to find and plan the solutions and activities that can improve customers’ trust on your services.