The clock is ticking on the 2 year countdown to the implementation of the newly agreed General Data Protection Regulations (GDPR). I'm not going to get into any detail on the regulations themselves just yet, I'm saving that for the future once a few more questions, answers and clarifications come out and I can give a more informed review.

For now I want to explore exactly how important data protection is when it comes to the experience that you offer your current and future customers. While it is often seen as a box ticking exercise and left to the legal team, it is in fact a huge opportunity to use it as a competitive advantage.

A huge amount of organisations look at data protection as a compliance activity, something to adhere to, but sometimes gets in the way of promoting yourselves and hindering the business of actually selling stuff.

Quite simply, I believe this is the wrong way of looking at it. Doing what you need to in order to be compliant is a box ticking exercise. Embracing it can put you ahead of your competition in the eyes of your customers.

These days people are very aware of this thing called personal data and how valuable it can be to organisations. Ultimately people have ownership of their own personal data (in my opinion, lawyers and IT experts may argue otherwise) and if you mistreat it, they can and will take it away from you.

Your approach to data protection can be a huge asset to your business and your brand. You should treat it in the same way you would treat the development of any of your USPs. Put your customer at the centre and develop your attitude and approach to data protection from there. Consciously looking to build an open and trustworthy approach to how you store and use your customer’s personal data will put you streets ahead of your typical box ticking, strict terminology and use approach defined only by lawyers.

Start by thinking about your brand equity. What would a data protection breach or a clandestine privacy & data usage policy do to your brand? We all know how harmful negative publicity can be and you wouldn't want your customers to think of you as incapable of being straight with them and completely untrustworthy.

The required prep for GDPR gives you a great opportunity to embrace the regulations and build great data management practices into your core values. Being genuinely open, honest and trustworthy are fantastic values to have. This means it becomes a tool to use in generating trust between your current/future customers and your brand. Being seen and associated with having a strong respect for your customers and their privacy surely can’t be a bad brand value to have.

If people see you brand as being genuinely trustworthy, you are already part way to your next sale or next new customer. If people know that they can trust an organisation with something so important as their personal data, it puts a huge amount of faith in everything that organisation can do for them and builds up their engagement.

Having the right processes and procedures to back up these values and well earned trust are essential. It is only one part of an effective data protection strategy though, you have to get the data in the first place. We already know that people know their personal data is valuable, so that brings us onto the subject of the value exchange.

What do you have to offer your customers in return for the ability to use their personal data? DMA research suggests that only 7% of people believe that the benefit of businesses using their personal data is theirs, with a huge 80% believing the benefit is for the businesses. This sort of outlook makes it really easy to see how people can quickly snatch back their data when something happens to test their openness to sharing it.

It isn't for me to suggest what your customers see as a reasonable reward for allowing you to use their personal data should be, that is for you to discover. Know that without a value exchange, you have nothing to offer your customers, therefore you are always waiting for them to wake up and realise it is a one-way relationship.

You should view your investment of time and resources into GDPR preparation as an investment into your future customer and analytics database, which should be treated as any other business asset. The attitude and effort that goes into understanding and delivering your value exchange should be approached in the way you would build your USPs, tone of voice and ultimately your brand. These are essential to the building of your customer experience, they are the very foundations that when strong, can be built on and will support you, but if they are easily shaken, it can cause huge and sometime irreparable damage.

In short, embrace data protection and use it to build your brand and customer experience upon. If you don’t, it could easily destroy you.