Creating a competitive advantage with GDPR

GDPR as an opportunity to become more efficient, secure and competitive

By Bram van Tiel

For companies operating in the telecom, entertainment and media industry, known for its large-scale use of personal data, the awaited new General Data Protection Regulation (GDPR) has been an approaching tsunami of additional regulatory compliance procedures and customer inquiries about their personal privacy. With the prospect of reputational damage, high penalties of up to 4% of an organisation’s global annual turnover or 20 million euros (whichever is greater), GDPR compliance is understandably surrounded by a great fear of ‘doing it wrong’. As GDPR came into effect on 25 May 2018, Telco and E&M companies should venture beyond compliance and seek ways to use GDPR to their best advantage, possibly to create a competitive advantage with their policy on data privacy. Subsequently, this competitive advantage will turn into a hygiene factor for larger media companies. We strongly believe that 25 May has been a small milestone in a multi-year process in which citizens, politicians and businesses are gradually moving towards a more datasavvy society.

Personal data-driven industry

Being a business-to-consumer market by nature, a mutual dependency exists between media companies and their customers/users. Telco and E&M companies therefore heavily rely on, possibly more than companies in other industries, the use of personal data for tailored product offerings and on profiling1) to target specific (potential) customers for marketing or price differentiation. Telco and E&M companies monetise the online and mobile data they harvest through the development of new products and the sale of ad inventories to advertisers at higher rates. Well-known examples are the movie and series selections Netflix makes for you or seeing ‘People who read this article also read...’ at the bottom of the page when reading an online newspaper article. Pay TV is also making steps in addressable (targeted) TV advertising. For Telco and E&M companies, the analysis and use of personal data has become an integrated part of their business as it results in a deeper understanding of consumers. Consumers who, for their part, are more loyal and engaged because they get to see personalised content and targeted advertisements.

1) For information on profiling of personal data and the use of profiling under the GDPR we refer to the article: ‘Use of personal data’ in the Entertainment & Media Outlook for the Netherland 2017-2021

GDPR compliance

The new GDPR framework has put pressure on both the revenue model and the technologies used by Telco and E&M companies. As a result, the industry saw the direct effects of the new regulation as some American newspapers, such as the Los Angeles Times and the Chicago Tribune, decided to shut down their European branches after the GDPR effectuation date2). Also, the use of third-party data powered by external data brokers became restricted. This affects large advertisers that will have to rely on their own data more, instead of sourcing from a wider range of other data platforms. In addition, GDPR has provided no off-the-shelf solutions for compliance, making it clear that it is up to Telco and E&M companies themselves to think about how to safeguard data privacy, while maintaining their current revenue models.

2) Companies under strain from GDPR requests – Financial Times, 02-07-2018

Technological roadmap

Although a significant challenge, an important aspect about the new European regulation is that all companies are facing it together, making it also an opportunity to become more efficient, secure and possibly gain an advantage within the highly competitive E&M market. The basis of this advantage starts with getting and maintaining a firm grip on the status of data privacy that is driven by the right (use of) technology. This is in line with the mandatory GDPR principles of privacy by design and privacy by default, meaning that data protection in data processing procedures is most secure when already integrated in the technology used. The right technology makes privacy frameworks and data continuously visible in a unified manner, while shaping a sound data strategy. Consolidating all aspects of privacy management in a monitoring and decision platform, supporting both privacy officers and customers, is the way to go.

Put the (privacy of your) customer first!

When having the technology in-house to monitor and control data privacy, the implementation of GDPR could also be the right moment to reassess your current privacy standards, and explore how data privacy could become an inextricable part of your client strategy, as well as part of your data strategy.

When companies can show customers that they properly guard the privacy of personal data, it can help strengthen the relationship with consumers based on mutual trust. After all, before buying products and services, consumers may increasingly want to determine whether a company respects and protects their personal data the way they want it to be. With low switching costs for customers within the media and telecommunication industry, data privacy could present an advantage on competitors.

By means of technology, companies can gain a competitive advantage by providing customers with the insight into why they offer certain products. For instance, OTT and music streaming providers already hint towards this insight in their selections, by highlighting the set of earlier consumed services on which they base their recommendation. Companies could also offer their customers an integrated dashboard with all the products and services these customers purchased, presenting everything the consumer watched, listened to, played or read. Such a dashboard will make it easier for customers to manage their own data, as stated in GDPR. Although large companies such as Google and Microsoft have started using such privacy dashboards, GDPR can possibly speed up the development of integrating more data into these dashboards. 

Becoming GDPR-compliant has put data privacy on the agenda of all Telco and E&M companies dealing with EU personal data. For those companies that take on the challenge of successfully integrating data privacy into their client strategy, and have the technological capacity to do so, safeguarding personal data has the potential to become a real USP.

Contact us

Bram van Tiel

Partner Cybersecurity & Dataprivacy, PwC Netherlands

Tel: +31 (0)88 792 53 88

Follow us