The following is a guest contributed post from Samir Addamine, Founder and Chairman of FollowAnalytics.
Starting on May 25th, the EU will be enforcing its General Data Protection Regulation, otherwise known as GDPR. The regulations apply to any business that has access to or collects information from EU citizens, even if that business is located in a country outside of the Union. Companies who don’t comply face heavy fines: up to €20 million, or 4% of their annual revenue worldwide, whichever is higher. To say GDPR will have an impact on the future of mobile apps and data privacy would be an understatement.
In many ways, the passage of GDPR anticipated the current debates around privacy that we’re having now, in the aftermath of the Cambridge Analytica scandal. Mobile apps have been collecting our information for years, but now people are starting to push back and demand measures to ensure their privacy. GDPR addresses these concerns by enshrining the “right to be forgotten”, which allows EU citizens to demand that companies erase any data on them that is not vital to their business, as well as the right to see all of the information that a company has collected on them.
Nor are the concerns around privacy that GDPR is meant to address limited to the EU. A survey conducted by the Pew Research Center in 2016 found that a majority of US citizens have concerns over the information they share online. According to the survey, 86% of Internet users have taken steps in the past to minimize their digital footprint, with another 61% saying they “would like to do more” to protect their online privacy. In addition, younger people are more likely to take measures to safeguard their online privacy – a development that companies would do well to note, as it could define the way that people of younger generations interact with one another online.
Investors, too, are becoming interested in data privacy – and when investors get interested in something, that means that they see a future in it. After all, they are the ones who spend so much time with their ears to the ground, looking to see what the “next big thing” will be, so the fact that startups that deal directly with issues of data privacy are receiving funding is revealing. Similarly, multiple investors are now suing Facebook over their mishandling of user data, a development that comes on the heels of a precipitous fall in stock price.
Mobile app providers need to stop seeing GDPR as an impediment that they need to overcome, and start seeing it for the opportunity that it is. In order for any business relationship to be successful, whether it’s between business and investor or business and consumer, there has to be an element of trust. If a person feels that they cannot trust a company with their personal information, then that company has lost a customer – and if many consumers feel that way, then investors will lose faith in the company as well.
Because GDPR requires mobile apps to be transparent with their users, it can help to restore consumer trust, which then strengthens the relationship between them and the company. In other words, it can be used as an advantage, a way of indicating that one company is more trustworthy than another. However, as of yet, relatively few companies appear to be taking this route; a report by Gartner finds that most companies have spent the lead up to GDPR enforcement merely to meet the requirements of the legislation, and ignoring the potential that GDPR creates for their business.
As the report notes, not only does the regulation force mobile apps to be more accountable (and therefore more transparent), it also is a good opportunity for them to think about the best way to get value from their data. Contrary to popular belief, GDPR doesn’t mean that mobile apps are prevented from collecting data; rather, they need to be able to show a reason for collecting it, which then requires a detailed strategy for how to get the most value out of customer data. Gartner points out that “there is great potential to obtain consent to increase data access, use and sharing rights – in line with the goals of a wider organizational data and analytics strategy”, which can in turn lead to a competitive advantage because it prioritizes the value of the data rather than the process of data collection itself.Somewhat surprisingly, while many mobile app companies I speak to are (rightly) proud of the fact that they’re GDPR compliant, or that they are taking steps to become compliant, few seem to have thought about the impact that GDPR will have on their existing product designs. After all, so many mobile apps come laden with SDKs that collect user data, and it seems shocking to me that hardly anyone is considering the impact that GDPR will have on product development.
It’s early days yet, and it remains to be seen how smoothly the process of GDPR enforcement will go. Nevertheless, it’s time for companies to stop being so defensive, and to start thinking about how they can turn GDPR into an advantage for their organization.