Having worked in the tech industry for over 25 years, James is fascinated by the impact that technology, and particularly data, has on organisations and the people they serve.
In today’s episode, I’ll be chatting with Steve Scrace, a Privacy expert from an organisation called “In the Know”. I’m going to be asking Steve a really important question – why is it that people don’t behave as if they care about their data privacy, and how do we change it”. We all know that data privacy is human right and an important issue in the modern world.However, consumers routinely behave in quite a wreckless manner when it comes to their data online.We draw parallels with airline safety videos, talk about the challenge for both consumers and data governance people, and finally we talk about whether some form of “kitemark for privacy” could make things easier? As always a great conversation, let’s join steve for a chat over the phone.
If you’d rather read the transcript than listen to the podcast (we’d always encourage you to listen!), here are the words:
Hi. My name is James McCarthy and I’ve been in the tech industry for over 25 years, I’ve always been fascinated by the impact of technology on the world we live in. And recently that includes the growing topic of data. Every company is now a data company and we’ll be talking about the impact of that on organisations and the people that they serve. We’re going to talk about how data should be used to improve the world we live in, as well as the risks and moral challenges surrounding data when it comes to consumer privacy and security. So if talking about this business of data sounds like your kind of podcast, then sit back and enjoy. We’ve got some interesting conversations coming right up.
In today’s episode, we catch up with Pragasen Morgan partner at Ernst and Young or EY as they are now know. Pragasen is in the data governance practice at EY and spends every day in the boardrooms of some of the world’s most interesting brands. So, it’s great to have him with us. I know you’ll love the insights he brings. Pragasen talks about why he thinks data governance is dead, which sounds counterintuitive, given that data governance is a very important topic right now.
What’s interesting is that Pragasen presents us an alternative, a dramatically different way to think about the customer and more importantly, the role of data in that. The challenge Pragsen issues to organisations is profound, he but recommends a far more customer-centric approach that the most successful data-driven organisations are already using to disrupt and redefine the market. We talk about who in the boardroom should be responsible for leading that change, and examples of companies that Pragasen has observed and worked with as they transform with data.
Once more due to the COVID-19 situation Pragasen and I are working from home and so the audio quality isn’t quite the immersive podcast experience that we’ve all grown to love. But please hang in there. What he has to say is really worth it.
So Pragasen, I’d like to welcome you to the conversation today. It’s great to have you on our podcast series. Would you like to just quickly introduce your role and your kind of passion around data?
I’m really delighted to be here, actually. I’m a partner with earnest and young or EY. And I’ve been working in the area of data privacy and data governance for a number of years. I’ve worked with the government here in the UK, worked with the EU on the GDPR legislation. And over the last few years, I’ve been helping businesses transform the way they manage their data, in particular on regulation.
Our two organisations are working together and we’ve had some discussions and you came up with this amazing concept that data governance is dead, which is a bit of an interesting thing for a lot of people. Could you explain why is data governance dead?
I’ve been saying data governance is dead for a number of years. For those people that have been around me for a while now have probably seen my frustration with the traditional way that data governance has been established in the in the marketplace. Let me just kind of give you some explanation as to why I say that. Traditionally, the way businesses manage data was always in a silo.
You had, let’s say, marketing that went out and marketed to a customer. You then had a customer that decided they wanted to do business with you and essentially you had a customer record. You then had a billing process. You had financial records around the customer and then you might have patterns in the data. In relation to the way governance over that data would have been established, it would have been in silos.
So at every single touch point, you would have had information security controls. You would have added controls around the way the data was processed. At no point would somebody have stepped back and look end-to-end at how that data was actually being managed. Only in one sector in the marketplace, did we find that there was regulation and as a result, you had a single view of the customer. That was in the financial services sector, where there was a realignment of the way the customer record was managed and then controlled across the organisation.
The reason I say customer data governance is dead, is the traditional way of managing data in silos has gone out of the window completely. We saw that because of the establishment of regulation in the marketplace, with GDPR with CCPA, and other legislations that are coming in. Now you have to look at the data end-to-end. The traditional way where you might have a CFO managing the data, the chief marketing officer managing the data, business data cannot be done in silos. It has to be done holistically.
I’m now coining a new term called agile data governance. It’s a pretty new term in the marketplace. Agile data governance is about understanding that across my landscape, I need to treat the customer record as the holy grail and gold. And as a result of that, it doesn’t matter what the data flows through, it doesn’t matter which business process it flows through. It doesn’t matter which third party that I can hand it on to. It’s all about the way I manage that data across its lifecycle. One of the components that was missing previously is the governance over it, at every single touch point. I will treat this data like it is my data, like it is the most important thing and I will protect that data as a result of it. What I then have as an intention is that the customer will continue to do business with me. And I will be really transparent about what I did with the data.
Traditionally, businesses have not been transparent to what they do with the data. And as a result, the customer satisfaction level, the customer trust level, with businesses is absolutely at its lowest point. I tell data governance you can absolutely measure, you can measure by customer retention, you can measure by customer satisfaction, and you can measure by how much the customer wants to continue doing business with you. With traditional data governance, and the reason I think data governance is dead, is you can see quite clearly with your viewing patterns with your traditional loss of business because something happens etc.
Pragasen anything that puts the customer at the centre of the organisation as a marketer is music to my ears without a doubt. We’ve been talking about being customer centric as businesses, as organisations, for a long time. But there’s been very little evidence apart, maybe in the brand new, digitally driven companies that are bringing to market propositions that completely turn business models upside down and are arguably much more customer centric. And yet the traditional companies don’t seem to be able to get their heads around what that means for their business.
It depends what you mean by customer centric. We’ve just done a survey in the marketplace. And it’s the second year that we did this survey with telco, media and technology clients. And essentially, we asked the same question. The question was ‘what how do you feel about businesses that take your data?’. ‘What is the trust that you have with it?’ The measurability of that can be low. The customer view of trust with businesses is at a low and actually with everything else that’s happening in the marketplace, and the awareness of data breaches. The awareness of data being sold on third parties, etc is now much higher with the customer and the customer, therefore doesn’t trust business.
So when we talk about customer centricity, most businesses will talk about it from their perspective, in which case it is ‘how do I generate more revenue from the customer?’. Whereas the customer’s view of this is actually, you need to put me first, you need to establish a trusted position with me. I am at the centre of the business model that you have. In which case, if you are going to do something with my data, I should be the first person that you tell about what you’re about to do with it. That’s not always the case. Most businesses will probably tell the customer second or third, rather than before I try and do something with their data, and establish trust with a customer.
And if you can do that, if you can put them at the centre but also to your point, show them that you’re putting them at the centre of the business and show them how their data is going to deliver a better experience for them. Either than they’ll get more convenience or better service, that makes it very clear that you’re leveraging their data for their own benefit, then that’s also what some of these very disruptive modern services are doing anyway, isn’t it delights the customer effectively?
You’ll notice from the work that you’re doing at Exonar. You pretty much analyse data in most businesses. And as a result of analysing the data, you know that the mountainous volumes of data that business have is significantly high, and sometimes there’s a lot of redundant information as a result of that. If you pause and get a customer’s perspective on that, the customer would be saying, ‘look, I would be happy to give you my data, provided you can tell me the controls that you have in place. And actually, you need to have a licence to operate with my data, and that licence can expire.’
Even with your normal, traditional, licence to drive on the road, the road needs to be established with proper signage, it needs to be established with proper marking. You need to have police people on the road to make sure that we are being governed appropriately in the way we drive.
It’s the same thing with businesses. Businesses have been operating for far too long without those controls in place. And to a large extent, that’s why data governance is dead, that’s the reason why there’s so much data available is because they’ve just collected every single piece of data that is out there. Now, what the customer is saying is, ‘you have a licence to operate my data. Operate within the maintenance of that licence. Once you are done with it, tell me and I can decide whether I want to renew my licence with you all I need to go somewhere else.’ The choice for the customer now is at an all-time high.
Businesses that have a different customer proposition where they put trust at the heart of the business model has a significant advantage to traditional businesses. So traditional businesses are really finding it difficult to change existing practices, to now adopt new ways of working to put customer trust at the heart of the model.
It feels to me like, for a lot of organisations, data governance is dead. They haven’t yet understood that completely. You’ve had some organisations who have collected everything, and have tried to use that data for nefarious purposes, shall we say? Some of those organisations have been collecting those huge volumes of data that you talk about, but in some ways they didn’t even know. They weren’t conscious that they were collecting it. And certainly, they didn’t realise that they had an implicit contract with their customer, you know, more moral contract with their customer to tell them how they were doing it. It feels like some organisations are a long, long way from this.
You’re exactly right. I could talk for hours about the moral obligation around what you should be doing with the data. But that’s a completely different topic. If I just pause and look at look in any digital business, the things that I find when I go in to a project or engage a business on how to manage data, is that there are probably three or four questions for any strategic project where they want to go through digital transformation.
And I put digital transformation in inverted commas because lots of businesses have done ‘digital transformation’ or think they’ve done it. When all they’ve done is actually changed technology and changed systems. What they haven’t done is transform the data. So if any organisation wants to go through a digital transformation, data has to be right at the heart of this whole thing, and has to drive the digital transformation lens on it. Because data will touch every single part of the business and will pretty much flow through every single system. So probably say about 50 – 60% of that could be redundant data, because if you really look at the core piece of data, there’s only about 40% that you really need.
The traditional way that businesses have done it actually, in fact many business that I’ve looked at, probably has upwards of 500 systems in place. The cost model to leverage that technology to do business is pretty high. So if you come along and suggest a completely different concept here that’s about putting trust at the heart of the business. And by the way, you might have 60% redundant data, you need to clean that out. Most businesses will have a reaction that’s significantly negative to that because they believe they want to hold on to the 60% of the data because it could be valuable.
I think GDPR was one of those projects where you realised a lot of the data could be deleted anyway. But what I mean by traditional ways managing that data, doing business and the traditional way where the board’s looked at the revenue models as a result of that, this is what has completely stopped them from establishing a new model. One where data is at the heart of business, where trust is at the heart of the business. And as a result, the cost model, the leverage model, the proposition to the customer, the revenue model is all different. To switch from one revenue stream to a very different revenue model, where you would be incrementally generating revenue over a period in time, exponentially, that will be much higher than what you have today. But the ability to stop what you’re doing to do that and invest in something different, is not easy to do. Which is why we find those type of projects really difficult – where businesses will have to stop what they’re doing to re-establish a new model.
Even in current times when we’re looking at a massive crisis in the world around COVID-19, which is literally turning things upside down and which is challenging the business models of an awful lot of organisations right now, it still feels like some organisations are going to struggle to redefine how they operate in a way that makes them successful. Who is the pioneer in the organisation of that transformation? Who can realistically go to the board and say, we need to stop what we’re doing today and do it in this whole new way? And it’s going to be hugely disruptive internally and very difficult.
I believe that coming out of COVID-19 whenever that is, the world will not be the same for business going forward. I firmly believe this whole agile data governance customer trust piece is lies with a CEO. A CEO that can see the benefits for the business longer term will look at its revenue models today. It will look at its customer retention, it will look at the disruptors in the marketplace. And as a result, he or she would recognise that if we carried on doing what we’re doing today in X amount of years, we’d be dead.
And we only need to look at the marketplace today to know that there have been disruptors that have come into the travel and entertainment space. We’ve seen businesses that have come into the media space, that have all been disruptive business models. The CEO or the board would have to have that vision of looking at where we are today versus where we want to be in 10 years time. And recognising that the model that we’ve got today is just not fit for purpose. And so I genuinely think it’s the board and CEO that will have to make that call.
Traditionally digital transformation would have been the CIO, wouldn’t it?
Yes. And it could be. But if you kind of look at Europe, the CIO doesn’t always have a board level role. You wouldn’t always see the CIO leading transformation strategy in a business. The CIO generally is tasked with implementing a vision of something. What we need to see is CIOs that are much more strategic thinking and are leveraged by the CEO or board to come away with disruptive business models that would challenge your thinking.
I’ll give you some good examples of why I say that, right. So most times, when I’ve seen projects that have completely failed, especially when on the digital transformation journey, is where is CIO that is traditionally part of the establishment of a customer model, or a financial revenue model of where we are doing things, let’s say today, and then you ask a CIO to start thinking about how you would do things differently tomorrow. Without the investment, without getting him to split his organisation, without getting him to stop some of the things that they are doing today, and then focus on the things that you need to do tomorrow, it is very difficult for a CIO start thinking strategically about the future.
A good example would be if I was going to establish something like let’s say, Azure or Microsoft, Google Cloud, GCP the ability to establish that business model differently than the model that I’ve currently got, and as a result not to employ thinking that I’ve got today into the GCP model, it’s a difficult for a CIO. So it’s almost as if you’ve got split the organisation in two and have two different strategies. And already the CIO has got so many different priorities. They’ve got a cost priority, they’ve got a priority around operations of the business, they’ve got a resilience priority, they’ve got a change to technology priority. So they are not only going to find the time to be strategic and look at the model differently,
Traditionally the view would be that the CIO is responsible for aligning or solving the business’s challenges with technology. The interesting thing is, if we’re talking about data and trust and putting customer data customer trust at the centre of the organisation, that technology/non-technology thing is really blurring, isn’t it? Because I’m not sure that traditional board members are in that way of thinking?
I agree. I do think the CIO does need to be empowered to be able to do that, but not many of them do in my experience. We just need to look at the marketplace today. Everybody’s pain point in the marketplace, especially from a retail perspective is, can I jump online and order products rather than walking to the store? But ask yourself the question. Why on earth have we got online business models that are not able to do that? Because the CIO has been saying, for a long time, look, we can leverage the customer model, we can scale up really quickly, we can flip the switch, customers could switch to this model really quickly. Most businesses are not making the time to establish the supply chain really well. There are only one or two businesses today that are standing up to that because the supply chain’s intact and they know how to get the delivery to the customer. Ask yourself why the big retailers in the marketplace today cannot get the delivery to the customer?
Right now, despite the CIO being strategic and saying, I can put in the online model. I can I can put products there, I can tell you what the customer wants. And actually, if we want to scale up, let’s say some event happened in the marketplace tomorrow – CIOs are pretty good at looking at high risk events – if the business listens to them. The answer is probably no. So, did they invest in the supply chain ahead of time? The answer is probably not.
I was going to ask you this later. But what about the rise of the CDO?
There’s a big difference between the CDO today and the chief data officer of yesterday. The CDO of yesterday was a rebranded CIO, who just understood technology but didn’t genuinely understand data. What we started to see out of the US is that there was the rise of the chief marketing officer. And what I firmly believe is that the CDO has to be a marketeer and needs to understand customer data really well, he or she needs to understand systems really need to understand strategy very, very well.
So effectively, what you find is that the CDO, the chief data officer, will understand all components of data will understand the business model, and then understand the leverage points for the customer in a trustable way. The CDO is really a political position, navigating the business understanding how they need to work with a business, but also how to pull the lens and strategy so that they can get much closer to the customer.
So the CDO really could be a pivotal board member to our discussion about how that might work?
It genuinely is a board role. Absolutely, because they need the authority to execute, and to be able to connect up the business and he genuinely has to be a board type role.
Maybe I should become a CDO!
Maybe you should!
So there’s obviously going to be winners and losers. And I was thinking about this from the marketing perspective in terms of when the big disruptive businesses come along. They put data at the centre of their proposition. So they were born in data. As businesses, they were enabled by technology that wasn’t here a few years ago. I mean, there’s countless numbers of them. They obviously were born and bred to have data and the customer and to an extent customer trust right at the centre of what they do. Are they the winners? Can traditional businesses do this?
We have seen some businesses move towards breaking their existing strategy and then establishing new models, new ways of working. They’ve either partnership models or they’ve decided to start from scratch. And if you look at the successful ones, they’ve actually split their strategy. They’ve got two different strategies. One is to operate the business model today. Continue to operate that because we’ve got revenue coming out of it. However, real investment is in the second piece here, about re-establishing our model, and it’s very different.
What we have seen though, is that the time to do that is, is not as quick as somebody that’s starting from scratch because they are not embedded in traditional thinking, they don’t have the same constraints. And as a result, when they are building their business model with the customer right at the heart of the model, trust is right at the heart of the business model. Whereas the traditional model where you need to establish trust over everything that I’m already doing, is much more difficult to do.
The proposition for the customer in the second bit where you’ve got a disruption in the marketplace, is much better understood for the customer, because the customer recognises that I’m going to be giving my data to this third party or to this business. And as a result of that, the output that you’re getting from that business is much clearer.
What I find is that the new disruptors in the market seem to be a lot more transparent with the types of data that they’ve got. Transparent with what they’re doing with the data. And also, they pretty much disclose to the customer quite clearly and are able to tell them very clearly where the data is going with which third party. You’d find these digital models tend to open up these dashboards, where the customer feels as if they’re in control of the data. A traditional model finds it really difficult to do that, because number one, they don’t even know themselves where the data is, and hence they can’t put that trust directly into the hands of the customer. I do think fundamentally, James, that every single customer does need to be in control over the data that they give to a business, whether it’s now in the future. And those business models where they put the customer in control of what they are doing with their data would be the long term survival.
I’ve seen that work in people’s subscription settings on websites, I’ve found myself as a consumer going in potentially to unsubscribe, but actually finding myself opting in to new things. I’m actually giving permission because I can see how the brand that I’m interfacing with might benefit and might give me a better service. And I’m actually willing to, to share more than I was actually planning to do, which is quite an interesting concept. But you’re right, it does require trust.
I did this probably about two to three days ago. I signed up to a to an app. And the app asked me some questions about what my interests were, whether they were science, technology, politics. I was able to give them my interest levels. After that, what they then sent to me was, just as a matter of course, the reason we’re asking and we draw sources from x, y and z. And I felt as if I was in full control. They went on to say – should you wish for us not to send your data to these organisations? Please can you tick these boxes. I knew what I was getting, and I knew what I was not getting around that. Most businesses tend to assume that they’re going to tell you what they need to tell you because it’s in their interest. Actually, you’ve got to flip it around. It needs to be in the customers interest. I need to be in control of the things that I want to be either marketed to, or I don’t want and as long as you’re transparent about that I can make a choice.
What’s the role of regulation? If we do this right, does it remove the requirement for regulation? How does regulation play into this?
The regulation has been the connector to businesses understanding that the complexity of data exists in all parts of the business. Now for those businesses that have done it really right, what they’ve done is they’ve done data mapping correctly. They’ve tried to understand the systems landscape, and then they’ve tried to understand the data assets in the business.
Businesses that haven’t done that right, all they would have done is to actually establish some process, they would have established some administrative burden. And they would have tried to understand where some of the risky data might have been, because that would have been easy way to do this.
Those businesses that have leveraged legislation as an opportunity to do digital transformation across the business or across the entities that they’ve got, then actually those would be the ones that long term, have done these programmes and projects, right. Because the legislation was just giving the licence to operate with customer data. Now everything has shifted on its head because all it did was it made the business recognise that they didn’t own the data. And for many years, businesses had run away with the ownership of data thinking that they could do whatever they wanted with customer data.
This is now about flipping it on its head and saying, actually, business, you have a licence to operate with that data and you need to operate within some principles. And as a result of operating with some principles, you can and cannot do some of those things.
So that’s good. I think we’ve covered we’ve covered a lot of ground here. It does seem that data governance might be dead. It does seem that there’s this very compelling story around agile data governance, that comes out a bit. We’ve talked about a lot of the ways in which that manifests itself I’d be really interested in how you would summarise what you think has data governance is and how we move forward from here.
I’d say four things. Number one, the traditional way of managing data, if you were still doing it in silos, you know, you got data in marketing, you’ve got data in finance. And you are finding it really difficult to bring all that data into analytics, you probably still doing it the old way. And if that’s the case, there’s still an opportunity to leverage that by establishing a digital model around that data and establishing trust. And the opportunities of that are incrementally high.
If you really look at what you want to do with a customer long term, because there’s a transparent piece around that, in being able to tell the customer what you’re doing with that, establish trust with the customer and the customer can then give you control over what you want to do with that data. So number one, if you are doing it in silos, then there’s still the opportunity of consolidating what you’re doing with that data. And that is a difficult journey. But it’s not a journey that is not surmountable, in respect of being able to establish the controls processes. journey around transformation with that data.
The second thing I’d say is that in terms of legislation that most businesses will need to start to navigate, because the whole world is suddenly waking up to legislation around this. And it will get more difficult to manoeuvre especially for global businesses. You’ve got India with new legislations coming up And then we’ve got CCPA and there’s Washington also looking at that. So the concept of regulation being an accelerator to a transformation journey around the data is something that needs to be embraced. As a result of that, rather than looking at it as something negative, one should look at it as a real process accelerator to transforming the landscape around data in the business.
The third is the opportunity that brings to you getting much closer with the customer. Because as you start to go through your transformation journey around data and governance, one of the things that needs to be established is a much more agile way of connecting with the customer. That could be giving the customer control over that data.
Most organisations find that really difficult to start to think about, because generally they are marketing to a customer one way. And as a result of that they actually they worry about the revenue loss that they might have if they gave the customer the opportunity of switching something on and switching something off.
And then the third the final piece of piece, I’d say is recognise that going from Point A to Point B on this journey would not be an easy journey. But that doesn’t mean that it’s not the journey that one would want to navigate. Because if you aren’t thinking about data in an agile sort of way, if you’re not having leading thinking about the way you are managing that data, if you’re not having leading thinking about disrupting your journey around the data, then the difficulty is longer term. You will have disruptors on your doorstep, that will be thinking about data in a very different way. And they will transform the way the customer behaves with the organisation. As a result, long term you might lose customers.
Amazing Pragasen, it’s been fascinating talking to you. It’s a really, really interesting area. We probably haven’t quite done it complete justice. We could talk for hours about this I feel. But thank you so much for coming along and sharing your points of view and your insights into this. That’s been fabulous.
It’s been a pleasure, James. Thanks very much for inviting me along.
Well, I hope you found that as interesting as I did. For anyone who’s interested in data within organisations, what an amazing conversation. So what can we take from this? Well, number one, traditional data governance is dead. Organisations need to think of data completely differently, it shouldn’t be thought about in the interest of the company and should be at the centre of customer experience.
Number two, companies need to put the customer at the centre of their world at a board level, not just talking about it in marketing. Organisations exist to serve people at the end of the day. And by doing that they can be disruptive rather than being the disrupted. I’ve never really thought about this, but the new entrant tech business models are genuinely more customer centric by design. That’s just how they disrupt. It’s far easier for a new entrant not only to put the customer at the centre of the organisation, but actually start out that way.
And that leads us on to the third point which Is the journey to transforming through the customer and with data is not at all easy. In fact might be nearly impossible for some organisations. However, it’s a journey winning brands need to get started on.
And the final thing I took away from this is that the CDO or chief data officer needs to be customer centric or indeed a marketer, a heart, and that last one one makes me think as a marketer not only about the debates of the role of marketing, but also about whether it should be the biggest advocate and custodian of data in the organisation.
In the next episode, we’re going to talk about another data related topic, but something quite different. In the meantime, thanks again for listening.
This podcast was brought to you by Exonar, and the music was courtesy of ‘Besound.com’. Finally, a reminder that if you like what you hear, you can subscribe to our other episodes from wherever you choose to consume your podcasts.
Good bye for now. Stay safe, and I hope you’ll join us again soon.