Jorge Tellez, Founder of QualyCloud, one of the participants in the Digital One-Stop Shop Catalyst project, outlines how GDPR compliance isn’t just about security and privacy compliance — it’s also an opportunity to take customer centricity, specifically trust, to the next level.
The privacy and security of customers’ private data have been major priorities for communications service providers (CSPs) for many years, but the topic has become increasingly sensitive due to:
- Growing diversity of digital services resulting in the collection and use of ever more customer data.
- New technologies and marketing applications supporting additional possible usages of the data.
- Growing customer awareness and sensitivity around the protection of their private data.
- Greater cybersecurity risks.
In that context, the EU’s recent publication of the GDPR (General Data Protection Regulation) further extends the privacy and security obligations of services providers. It is an enforceable regulation that places a number of strict requirements and liabilities on CSPs and their peers in other industries. These will have to be accommodated into companies’ processes and systems when the regulation takes full effect on May 25, 2018.
Implications for CSPs
Obligations such as ‘the right to be forgotten’, data portability, privacy by design and by default, and pseudonymization, as well as the need for service providers to be able to materially prove their compliance with GDPR, will all have a significant impact on CSP customer engagement applications.
While the challenge exists for many industries, it will have a particular impact on CSPs where, in spite of huge transformation efforts in the past years, customer data is still scattered across the many systems supporting channels, billing, CRM (customer relationship management) and BPM (business process management).
There are three specific areas where CSPs must guarantee security and privacy:
- Collection of customer data, ensuring that there is no interference with other systems in this process
- Storage and management, providing the guarantee that sharing of selected data remains fully under customer control
- Protection against data breach attempts by external agents
Further, as CSPs extend their footprint into the internet of everything (IoE) and digital services, they will collect and handle more and more diverse customer data. In some cases this data will be more sensitive, or at least sensitive in a different way, such as that related to insurance, banking or health digital services.
And what is at stake is significant, not just in terms of customer trust, but also financial liability – the regulation includes severe sanctions in cases of non-compliance, including fines up to €20 million or 4 percent of a company’s global annual revenues.
GDPR as a catalyst for customer centricity
Apart from setting new regulations and sanctions, the GDPR aims to empower the customer in the management of their personal data, driving behaviors that are totally in line with the customer-centric approach that our industry is actively pursuing.
Several items in the new regulation, such as explicit consent, right to be forgotten or data portability, are already considered key components of customer centricity.
Seeing GDPR compliance as an integral part of a wider opportunity around developing trust should encourage service providers to consider innovative solutions – such as creating a specific customer private data hub (a personal space which can be both open and highly secured) within their architecture. This would provide a single area in which customer data was handled and managed for both CSPs and their digital services partners, providing both regulatory compliance and giving confidence to customers.
Of course, this approach can only be realized through fully leveraging API libraries but this is an area of excellence for CSPs, underpinned by TM Forum Open APIs program.
The creation of such a ‘customer private data hub’ could also open the door to additional data monetization opportunities, e.g. in advertising (shifting from targeted advertising to customer-selected advertising) or analytics (processing customer-specific ‘small data’ at a lower cost than processing a huge volume of ‘big data’). Given the GDPR consent requirements, it is also a way to ensure greater customer engagement and enhance the KYC (Know Your Customer) process.
The Digital One-Stop Shop Catalyst
The ‘digital one-stop shop’ concept, showcased by our Catalyst project, is an excellent example of the new privacy and security challenges that CSPs have to address in the delivery of their digital services.
The concept aims to leverage CSPs’ existing distribution channels to provide extended digital services, enhancing the overall customer interaction process in the one-stop shop environment, whilst guaranteeing the highest level of security and privacy of customers’ data.
In order to achieve this goal, we have incorporated a specific data hub into the project architecture to collect, store and manage private customer data for all services (communication services and other digital services). The hub is totally focused on privacy and security in GDPR terms, and works as the single GDPR compliance engine, supporting all other customer-related applications. The principle of a single GDPR compliance engine is to provide the Data Protection Officer with a solid tool to prove compliance when needed, and is our response to the GDPR ‘privacy by design’ rule.
Together with Orange (as project champion) and QualyCloud’s partners Infonova R6, NTS Retail and Globetom, we have created a fully integrated, customer-centric and GDPR-compliant environment for one-stop shop operations — the scope is actually broader than the privacy and security features described above. It also enables an enhanced customer journey, facilitating context handover from channels, as well as state-of-the-art in-store support tools.
Our entire project team will be delighted to demo the Digital One-Stop-Shop platform at TM Forum Live! (May 15-18, Nice, France) and elaborate on the above. We do hope that many of you will be able to visit us.