GDPR: A data revolution for utilities?

The EU’s new General Data Protection Regulation (GDPR) is coming, and Nic Sheen looks at what this means for utilities.

Technology is opening up new opportunities for utilities – the Internet of Things, Big Data and connected devices such as smart meters are set to transform the sector, making it more responsive, competitive and better value for customers. However, the EU’s new General Data Protection Regulation (GDPR) which comes into force in May 2018, has the potential to reveal the true level of sophistication in data management – or lack of it – that dominates the utilities sector.

The GDPR is the new standard for data protection in Europe and sets out a universal framework of requirements for businesses, covering areas such as data portability and the right for customers to be “forgotten”. With this list also comes the threat of fines of up to four per cent of turnover or €20 million for non-compliance.

Meeting the standard will mean significant investment, particularly for the utilities sector where lots of businesses run core systems never designed to meet this need. Staged transformation of these systems has moved from the ‘nice to have’ to the ‘mission critical’ list.

This regulation has been a long time coming and GDPR should be welcomed as it will ensure best practice is in place.

The regulation will ensure that businesses are accountable for the data they hold, and also spark them to invest in the people, processes & IT systems they need to harness data in ways that can transform customer communication.

Ultimately, this will make the sector more transparent, trustworthy and able to have more meaningful one-to-one conversations with its customer base.

The roll-out of smart meters and, in future, in-home sensors aims to help businesses inform their customers. But this hinges on being able to process the data that these connected devices provide – something that, up until now, the utilities sector has not been able to perfect. Investment in GDPR compliance should be pointed to produce systems, as well as the understanding and expertise, needed to do this.

“…a ‘wait and see’ approach is likely to be costly in the long term. We have seen in other sectors that companies that have bravely” invested in the right customer systems are reaping the benefits…”

GDPR requires robust, centralised systems to handle even the most basic of customer information. Businesses will need to get data records in order, understand what has been stored, and how different departments are using customer data. They will also a need to maintain a strong audit trail of permissions that customers have given for use of their data, and how this information flows through an organisation, to be able to fulfil the key principles set out in the regulation.

Take, for instance, the ‘data portability’ requirement that stipulates that data can be transferred to a new ‘controller’ at the request of the ‘subject’. When switching energy supplier, a customer can request that all data held on them by their original provider be transferred to the new one and that any record of that data then be forgotten.

To meet these requirements companies will need to become more versatile and able to share and compartmentalise data more efficiently. This will open up opportunities to use data to improve customer communication. For instance, combining usage data from smart meters with a customer’s postcode might enable the company to provide them with geographically relevant information on the most cost-effective times to turn their heating on. Equally, in-home sensors could provide early warnings of when equipment develops a fault or is operating inefficiently. Having robust IT infrastructure and data systems to back this up will be needed to give firms the back-office muscle needed to proactively communicate this information with customers in meaningful, simple and relevant ways.

For some utilities companies, the investment to replace legacy IT systems will be unavoidably huge. This, along with Brexit uncertainty, goes some way to explaining why a lot of businesses have put off addressing the issue up until now.

This ‘wait and see’ approach is likely to be costly in the long term. We have seen in other sectors that companies that have “bravely” invested in the right customer systems are reaping the benefits of better engagement in higher customer satisfaction scores and greater speed to market. The GDPR is still likely to be the biggest influence on data protection in the UK after it leaves the EU, even for businesses who ply their trade solely within UK borders. As if to prove this point, the Queen’s speech recently put forward plans for a Data Protection Bill that looks set to mirror the requirements of GDPR.

The truth is that GDPR sets out a benchmark for the use of customer data that all businesses should be working toward. For those that approach the challenge intelligently and proactively, the by-product of compliance will be a programme of work to recruit the right people and create the processes and systems they need to take full advantage of data to deliver great customer communication.