The GDPR - Turn restrictions into opportunities



15. March 2018

Read time

5 min


Data Privacy, Compliance and Regulations

The general data protection regulation (GDPR) will change the way companies handle data. The regulation aims to protect user's personal data. This seems like a disadvantage for businesses, but change can bring as well new opportunities.

We need a new data handling arrangement

Our lives become more and more digital. This digitalization enables us to track a tremendous amount of data. Connected devices start to enter the mainstream. This will bring a new wave of data points. While all this data provides huge potentials for new businesses, it caries as well a tremendous risk to people's privacy.

Until the GDPR, the EU only provided lose guidelines for companies and how they handle people's data. Those guidelines are from the mid-nineties before the internet and digitalization became mainstream.

Our lives changed since then. We need new arrangements to handle users personal data.

The GDPR puts users back in control. The relationship between users and businesses will change. It is up to us to define if this change elevates or demotes business.


Redefine the relationship

We, as a society, need to come to new agreements on how we handle data. To redefine the relationship, between business and users, we developed a framework that is focusing on 3 main pillars: protect, educate and facilitate.

01 Educate

Clarify intentions and manage customers the outcome expectations.

Help your customers to understand why you need certain information, what you will do with it and what they can expect in return. When customers can understand the relationship between provided information and received outcomes, they will ensure accurate information.


  • How can leverage GDPR compliance indicators to attract new customers?
  • How can you manage expectations about your product and service by clearly explain what customers can expect if they provide the correct information?
  • What can you gain from changing the relationship with your customers to not only explaining customer's benefits but as well their responsibilities?


  • Make use of certifications (seals or marks) that indicate compliance, to increase trust.
    Article 24.3
  • Explain to your users in an easy to understand manner what data will be collected and who is processing it what for. This will manage users expectations and prevent disappointment or anger.
    Article 6, 7, 12.1, 21.4
  • Be proactive regarding users rights. Provide options and show how to manage (edit, add, remove) the provided data and derived outcomes.
    Article 24.3

02 Protect

Build trust, safeguard users data and your company's interests.

Secure your assets and thereby your customer's data. Assess the sensitivity of the data you are dealing with and put appropriate measures in place. Explain to your customers what you do to safeguard their information. Only when they feel their information are save they are sharing with confidence.


  • How can you prevent or minimize the impact of a potential breach?
  • How can you identify and protect sensitive data? There are some obvious types of data (e.g. health data), but some data only become sensitive once processed or cumulated in bigger sets.
  • What could cause your customers to be irritated? How can you avoid legal disputes?
  • How can you ensure a consistent quality of all aspects of your offerings at all times?


  • Collect and store only necessary data from your customers.
    Article 5.1 c, 5.1 e
  • Limit the number of people in your company that can process personal information to only necessary (authorized) persons.
    Article 5.1 f
  • Only provide access to the required data sets when processing data.
    Article 5.1 c
  • Use of pseudonymization to protect your customer's privacy whenever possible.
    Article 32.1 a
  • Build products with a data-protection-first approach that minimize the risk of violating your customer's privacy
    Article 25.1

03 Facilitate

Enable your customers to manage their own data

Enable your, customers, to take responsibility for their data. Give them access and help them to add relevant information and edit or delete incorrect data. Provide abilities to create data synergies with other services. when you put your customers in control, they will take responsibility and ensure a high data quality.


  • How can you improve the quality of customer data, by giving your customers more control over their data?
  • How can you create easy feedback loops that involve your customers to keep the data accurate and relevant?
  • How can your customers help to improve your service mechanisms and outcomes?
  • Are there opportunities to create synergies or increase your own value, by exchanging data with other services?


  • Explain how to opt-out, when you ask users for consent to collect data, this will remove anxieties and result in more trust.
    Article 7.3
  • Enable your customers to correct and erase data. This can help to improve your data quality.
    Article 16, 17.1
  • Provide options to access, download and port their data. See if you can leverage synergies, with other services.
    Article 15.3, 20.1, 20.2
  • Give your customers the option to talk to a person and change algorithm-based decisions.
    Article 22.3

The GDPR puts users back in control. This might seem bad for business but can be seen as an opportunity. The need to be able to explain why information is needed can help to sharpen the proposition. The need to limit data collection to only service relevant information can reduce overhead. The need to enable access to data can lead to synergies with other companies.

How and when to use the 3 pillars on a customer journey

Customer lifecycle

01 Educate - Help your customers early in the journey to understand the value and what you need to deliver this. Clear expectations and explanations during the sign-up and setup phase will avoid disappointment once they start to use your service. When you enable your customers to understand the value, they will provide more reliable data, which will lead to more accurate outcomes.

02 Protect - Customer's data is an essential part of most companies offerings. To make your customers comfortably to share their personal data, you need to demonstrate that you handle their information with care. Only when your customers believe that their data is saved from leaks or breaches, they share with confidence.

03 Facilitate - Allow your customers, to manage their own data. When people start to use a new service, they might withhold certain information because they do not understand it's full potential. Enable easy access to the given data and maybe its derived information. Enable them to correct or even delete (in their eyes) wrong information. Help them to use their data in with other services. If the value is clear, it is in their own interest to keep their data accurate and relevant.



Data protection - Rules for the protection of personal data inside and outside the EU

Official Journal of the European Union (english pdf)


Partner with us

Our partners are innovators, shipping exceptional solutions that matter in people's lives. How can we help you?

Looking for more?

Check out our other work.