Well, what a month right… as everyone has either been busy with implementing GDPR or watching what others are doing! Having spoken to both big and small businesses before and after the big day on 25 May 2018, here is the first of three Post GDPR Analysis reviews focused on impacts to the Operating Model from me …
I will be looking at answering the following three questions in each of the posts:
How have enterprises big and small both adapted their Operating Models?
What are some of the chosen solutions from both inside the European Union (EU) and outside the EU?
Is GDPR an opportunity for businesses to transform their Operating Models?
Let’s not forget that GDPR is all about the PROCESS of how you manage Customer DATA through the entire value chain of your organization’s Operating Model … and PROCESS & DATA are the two key components of the Operating Model. I have previously written about how DATA has become a currency and our most valuable commodity… and with this post, you’ll start to see the importance of DATA and the implications of regulatory changes on DATA and the PROCESSES that control it.
We start with a review of small businesses first, especially given the sheer complexity of what some bigger organizations have had to take on and how they have chosen to deal with the need for GDPR implementation or not…
Post GDPR Analysis Round-Up for Small Businesses
While many smaller businesses may appear to have less complex operating models and hence some may perceive that a regulatory change like GDPR might have little to no impact … it has been quite the contrary in reality.
Why is this?
The answer of course lies in the Digital Economy.
Cloud technology has removed the big technical challenge of most organizations from the 1980s and 1990s known as Service Oriented Architecture (SOA), which required a lot of investment in technical services and infrastructure that even the bigger businesses struggled to invest in. The Cloud has made a global network of services available to the masses of small businesses at a fraction of the cost.
Today’s digital services specially Software as a Service (SaSS) applications has helped many smaller businesses to become highly efficient at servicing many hundreds, thousands, and 10s of thousands of customers, or more… It has provided small businesses with quick and relatively cheap access to capabilities which in the past would have required significant amounts of capital to build internally. Capabilities like Sales, Marketing, Customer Servicing, Distribution or Fulfilment, and many more, which all formed significant part of the value chain of an enterprise, can now be serviced via apps, and even outsourced. There are apps that provide CRM (Customer Relationship Management) and Sales support, Marketing via automated emails or Social Media Channels, Customer Support routing and tracking, Product Distribution and Delivery tracking … just about anything …
Today, these services are more than just automated services as well, with the aid of more sophisticated technologies such as big data and artificial intelligence (AI), where the machine can learn to think for us and then start to think faster than us … Well, we are not completely there yet … where machines can do everything, especially if its more on the creative side… but that time is fast approaching… as machines continue to learn and improve …
All of this is possible because of DATA and how we are using machines to perform more and more of our PROCESSES in our enterprises.
So if you run a smaller enterprise, and you either offer your products and services through SaSS apps to customers, and/or you are using SaSS apps to support any of your business processes which handles any form customer data, then your Operating Model and hence your enterprise is impacted by GDPR.
So… POST GDPR SOLUTION No #1 is…
MOVE TO CUSTOMER LIFETIME VALUE DRIVEN OPERATING MODEL
For some businesses like the Stratability Academy … as in my business, a professional services training company, that serves content online to customers supported by live in-person workshops, almost every process and our entire customer list, so all of our DATA, was actually impacted by GDPR.
Luckily… for us and any smaller business that has not focused too heavily on push marketing through the mass email blast approach to sell to customers, the impact has been minimal.
Oh… when I say minimal, this is of course relative… and by no means was the effort to implement GDPR with a small team across half a dozen or so SaSS apps small. It took us several weeks and many hours of hard labor to do this ourselves following the guidance from the ICO. The impact to our business as usual operating model was so significant, we literally stopped producing or doing anything else, such is the impact of GDPR for about 8 days. This is no different from a substantially large team of people (usually consultants) working on GDPR implementation in a large corporate, taking even longer, possible several months full-time to execute the changes required.
Since inception, Stratability’s business model has focused on providing quality content to the right customers … those customers who are highly engaged with our content services, and who are keen to help us co-create so that they get the quality content and services that they actually want. Our approach to PULL quality customers towards our quality content, as we seek to capture and deliver customer lifetime value, means that our relatively small list of quality customers could be easily engaged to move over to our new Membership Portal where they can continue to access their quality content services, both free and paid. In fact, we sent our final email newsletter as part of our final non-GDPR announcements running up to the 25th May.
Stratability like many other businesses who offer SaSS or Content just refocused or emphasized our operating model activities towards our subscription-based products and services and used our community driven engagement channels to communicate with customers supported by email. For prospects, we will rely on producing quality content that is SEO tuned to organically PULL new customer towards our services.
A summary of our actions implemented to support and enhance this model post GDPR were:
- Kill the email newsletter and all email marketing communications, rendering the need for a push style email marketing list redundant
- Clearly tag all customer purchases at product component level to ensure paid services continue to receive appropriate communications based on the Terms of Service, already accepted by the customer
- Set up GDPR compliant communications forums within the portal in which to provide regular updates on new quality digital products and services
- Validate/update the communications preferences functionality to ensure users can easily set and change their communications preferences including unsubscribing to any specific notifications (NB: As our portal was new, we did not need to set up a new page on login to ensure users were validating and updating their preferences, which is what may digital services have done)
- Re-Classify all content including updates to SEO across all web and social media channels to ensure our quality content can be found using organic and related search criteria (this is still in progress and ongoing…)
- Extend customer relationship management process to monitor non-active members customers, re-using the ‘Dis-engaged’ tag, and begin customer data clean up and deletion process upon customers falling into this ‘tag’ based on appropriate trigger
From my initial scan of other global SMEs who offer either SaSS services and/or education or content services online, it appears that many of these enterprises have followed a similar interpretation of GDPR and hence implemented rather similar new processes across their operating models to comply with GDPR. Examples include: Kajabi, ActiveCampaign, Convertkit, BusinessOptix …
It appears most larger businesses including Facebook, Amazon, Linkedin, Udemy, HSBC, all too similar approaches… In the case of HSBC, I can only speak for their online customers and what I witnessed as I examined the workflow online. I can’t speak for their other in-person channels, at least not in this post … which is about SMEs anyway.
Of course, this Post GDPR Solution is just one of many…
Overall, the other most common Post GDPR solutions for SMEs were …
GDPR Solution No #2: Mass email your entire list to get people to opt-in again, and make a simple change to existing forms to introduce a new checkbox. I have been collecting feedback on this approach and it appears this has been the least successful, with many enterprises complain about a mere 5% response rate at most to their mass re opt-in email blasts.
I won’t point outs those businesses who took this approach as perhaps this might lead to unnecessary embarrassment.
GDPR Solution No #3: Do nothing…
Yes – there are many businesses who have not done anything. Some have simply stopped sending their email clutter to me … yeah, while others continue to do so. I’ve had one email service continue to send me emails, even after I’ve unsubscribed.
It would appear that many of these are smaller businesses from outside the EU, who have simply chosen to ignore GDPR … Quite a few forum’s have included comments like … ‘Not another .com or Y2K thing’. It will be interesting how the EU and other regulators chose to police GDPR.
As I said before, while its was more work to implement than I’d like, we at Stratability chose to implement GDPR … well, firstly because we are located inside the EU for now with Brexit still looming… and we certainly have many EU customers …. but mostly because we promote changes that allow enterprises to transform themselves for good. The objective of GDPR is to stop all the SPAM that’s been floating around, and customer lists from being sold illegally. For me personally, with a rather cluttered inbox, that’s a good thing, as I can now clean up all that clutter.
Using GDPR to re-gain refocus your Operating Model
For a business like Stratability, buying ads, and spending the time to write annoying overly long email newsletters was not something we want to focus our limited time and resources on.
I previously wrote about the importance of providing value to customers first in the digital age, and GDPR actually provides enterprises with an opportunity to do just that… By making it much more difficult for poor services to be pushed via annoying marketing emails to customers that are just clutter in their inboxes, it is diverting time and resources towards those activities in the business that actually add value to the customer journey.
GDPR while painful to implement, has provided companies like ours with a more leveled playing field and evened up the game, where we don’t need to compete using all those marketing tactics which were rather expensive and unaffordable for SMEs. You can compare this to Tesla’s marketing strategy… they don’t buy ads … and instead compete on their USP, using more direct channels and focusing their efforts on collecting as much data as possible to help improve their overall proposition to provide a remarkable service to customers.
At Stratability, our focus post GDPR is on providing quality customer content and a remarkable co-creation driven customer journey. In the long run, I believe GDPR will help companies like Stratability, allowing us to compete on our USP and the quality of our services, rather than with our marketing budget. So, like Tesla, service design is key to our future success.
In THE STRATEGY JOURNEY framework which we use ourselves as well as teach at the Stratability Academy, this move into service design based on the customer journey and co-creation is actually part of many of our courses, with 100s participants from enterprises big and small. The framework includes 25 templates across 5 models which join together to help with an enterprise’s strategy-to-execution journey as they transform their business in the digital age. In my upcoming book, THE STRATEGY JOURNEY co-authored with Graham Christison (general release in November 2018), we will cover Tesla as a case study as well as providing worked examples of many smaller businesses using the 25 templates in the framework.
In the next two blogs from this series, I will cover the following:
Blog #2: Post GDPR Analysis Round-Up for Large Enterprises – here I will cover some of the more extensive activities that some larger enterprises have had to execute when a regulatory change such as GDPR comes along
Blog #3: Post GDPR Workflow… a business architecture viewpoint – in this blog, I will highlight the Post GDPR workflow implemented by Stratability at a high level using the IT Architecture template from THE STRATEGY JOURNEY framework
Till next time then…
Julie Choo is lead author of THE STRATEGY JOURNEY book (Coming in June/July 2019) and the founder of STRATABILITY ACADEMY. She speaks regularly at numerous tech, careers and entrepreneur events globally. Julie continues to consult at large Fortune 500 companies, Global Banks and tech start-ups. As a lover of all things strategic, she is a keen Formula One fan who named her dog, Kimi (after Raikkonnen), and follows football – favourite club changes based on where she calls home.