GDPR: The White Knight or The Elephant in The Room

Strategy, Architecture & Problem-Solving

GDPR: The White Knight or The Elephant in The Room

Business Motivation Model for GDPR

I’m going to use GDPR as an example of how prioritised goals can make a big difference in how an organisation responds to change. I’ve no wish to jump on the consultancy bandwagon that is GDPR; I’m definitely no expert on the subject. However, GDPR will serve as a good example in this content as it’s a topical subject that many organisations are addressing and so should be at the forefront of many strategic and tactical discussions.

A brief perspective on GDPR

I have a simple view of GDPR in that it’s requiring organisations to be better citizens, i.e. to behave better with the data that they obtain and manage. While there are a those complaining about the effects of GDPR, I would first want to question the motives of the companies they work for. I would be looking to see whether the motives are customer-centric or profit-centric. For most customer-centric organisations, most of GDPR is doing what they do already, but with some more rigour to their processes. Unfortunately GDPR is a bit of sledgehammer and a few other nuts will get cracked.

Who wants it?

I’ve written before about how companies can slow down checkout queues for the purpose of collecting customer contact data, e.g. emails, etc. That’s based on what the company wants, not what the customer wants.

GDPR has stronger implications for what can be done with customer data, potentially rendering data useless collected in such a way. Actually, it goes further in terms of legality of handling and processing data, but we’ll stick to usefulness to the company for now. The important point is that for many companies, there will have to be some changes to how they collect data in that manner and potentially if they continue to collect it at all.

Business Motivation Model

So let’s apply business motivation model and see what GDPR looks like in this case.

Business Motivation Model for GDPR

Business Motivation Model for GDPR


The above diagram depicts two companies. One on the left and one of the right; there’s a gap between the top. It is a simplified business motivation model showing the difference between the two organisations, based on one single goal at the top.

For the left-hand company, the main goal is to Provide the best customer service possible. They are achieving this through a sub-goal (maybe a mission in many organisations) of Build relationships with customers. This goal is achieved by the outcome of Capture Customer Contact Details. I’m simplifying to allow outcomes as measurable effects that will happen.

The outcome is realised by a process group of Ask for details of customer which is part of the Pre-GDPR state or plateau. That process group fulfils the outcome for the situation before GDPR. We’re interested in what happens in reaction to GDPR.

In the same company, we can see GDPR as a external driver. The company conducts an assessment and we have a goal of Be GDPR compliant.

That goal influences Capture Customer Contact Details.

We have a work package designed to achieve that goal of Become GDPR Compliant.

For the Post-GDPR state, notice that there is a revised process group of Revised Customer Engagement. This process group focusses on building the relationship. It’s implemented by the Become GDPR Compliant work package. You can trace the line up to the goal of Provide the best customer service possible and the driver of GDPR

Meanwhile, on the right-hand side, we see a similar motivation model, but with some differences. The GDPR elements remain the same. What has changed is the overall goal of Increase Revenue which includes the sub-goal of Increase Revenue from Individual Customers. To achieve those two goals, we end up with a different process group for the post-GDPR state. The result is the same as the original process, but prefaced with an explanation of what we’ll use the data for, etc.


Further Analyses

The Business Motivation Model was simplified in this case. I’d expect to see design principles/constraints, more detailed goals and objectives on the company-side and more detailed goals and objectives on the GDPR assessment side. All of those would constrain the future design.

For instance, the revised process groups I’ve displayed are not the only options that meet the listed goals. However with more goals and outcomes included, I’d expect there to be fewer options to choose between.


The examination of the GDPR scenario through a Business Motivation Model indicates at least two responses to a common data collection issue.

The end result is that it:

  1. may speed up queues since companies realise they can’t just ask for contact data and they decide to not ask,
  2. may speed up queues since companies realise that the interaction doesn’t allow for valuable data to be collected since they won’t have an agreement to use it and, again they decide not to ask, or
  3. may elongate queues so that the companies can ask for permission

Back to the title, I see options (1) and (2) being the white knights for the customers of many companies. We’re hoping that companies follow common sense and implement changes that both respect the customer experience and adhere to GDPR. However in addressing the elephant in the room of how processes can be changed to suit GDPR (rather than improved for the customer), we may end up with (3) and a worse customer experience.

Print Friendly, PDF & Email