Archiv der Kategorie: Disruption

June 2018 Tech News & Trends to Watch

1. Companies Worldwide Strive for GDPR Compliance

By now, everyone with an email address has seen a slew of emails announcing privacy policy updates. You have Europe’s GDPR legislation to thank for your overcrowded inbox. GDPR creates rules around how much data companies are allowed to collect, how they’re able to use that data, and how clear they have to be with consumers about it all.

Companies around the world are scrambling to get their business and its practices into compliance – a significant task for many of them. While technically, the deadline to get everything in order passed on May 25, for many companies the process will continue well into June and possibly beyond. Some companies are even shutting down in Europe for good, or for as long as it takes them to get in compliance.

Even with the deadline behind us, the GDPR continues to be a top story for the tech world and may remain so for some time to come.

 

2. Amazon Provides Facial Recognition Tech to Law Enforcement

Amazon can’t seem to go a whole month without showing up in a tech news roundup. This month it’s for a controversial story: selling use of Rekognition, their facial recognition software, to law enforcement agencies on the cheap.

Civil rights groups have called for the company to stop allowing law enforcement access to the tech out of concerns that increased government surveillance can pose a threat to vulnerable communities in the country. In spite of the public criticism, Amazon hasn’t backed off on providing the tech to authorities, at least as of this time.

 

3. Apple Looks Into Self-Driving Employee Shuttles

Of the many problems facing our world, the frustrating work commute is one that many of the brightest minds in tech deal with just like the rest of us. Which makes it a problem the biggest tech companies have a strong incentive to try to solve.

Apple is one of many companies that’s invested in developing self-driving cars as a possible solution, but while that goal is still (probably) years away, they’ve narrowed their focus to teaming up with VW to create self-driving shuttles just for their employees.  Even that project is moving slower than the company had hoped, but they’re aiming to have some shuttles ready by the end of the year.

 

4. Court Weighs in on President’s Tendency to Block Critics on Twitter

Three years ago no one would have imagined that Twitter would be a president’s go-to source for making announcements, but today it’s used to that effect more frequently than official press conferences or briefings.

In a court battle that may sound surreal to many of us, a judge just found that the president can no longer legally block other users on Twitter.  The court asserted that blocking users on a public forum like Twitter amounts to a violation of their First Amendment rights. The judgment does still allow for the president and other public officials to mute users they don’t agree with, though.

 

5. YouTube Launches Music Streaming Service

YouTube joined the ranks of Spotify, Pandora, and Amazon this past month with their own streaming music service. Consumers can use a free version of the service that includes ads, or can pay $9.99 for the ad-free version.

youtube music service

With so many similar services already on the market, people weren’t exactly clamoring for another music streaming option. But since YouTube is likely to remain the reigning source for videos, it doesn’t necessarily need to unseat Spotify to still be okay. And with access to Google’s extensive user data, it may be able to provide more useful recommendations than its main competitors in the space, which is one way the service could differentiate itself.

 

6. Facebook Institutes Political Ad Rules

Facebook hasn’t yet left behind the controversies of the last election. The company is still working to proactively respond to criticism of its role in the spread of political propaganda many believe influenced election results. One of the solutions they’re trying is a new set of rules for any political ads run on the platform.

Any campaign that intends to run Facebook ads is now required to verify their identity with a card Facebook mails to their address that has a verification code. While Facebook has been promoting these new rules for a few weeks to politicians active on the platform, some felt blindsided when they realized, right before their primaries no less, that they could no longer place ads without waiting 12 to 15 days for a verification code to come in the mail. Politicians in this position blame the company for making a change that could affect their chances in the upcoming election.

Even in their efforts to avoid swaying elections, Facebook has found themselves criticized for doing just that. They’re probably feeling at this point like they just can’t win.

 

7. Another Big Month for Tech IPOs

This year has seen one tech IPO after another and this month is no different. Chinese smartphone company Xiaomi has a particularly large IPO in the works. The company seeks to join the Hong Kong stock exchange on June 7 with an initial public offering that experts anticipate could reach $10 billion.

The online lending platform Greensky started trading on the New York Stock Exchange on May 23 and sold 38 million shares in its first day, 4 million more than expected. This month continues 2018’s trend of tech companies going public, largely to great success.

 

8. StumbleUpon Shuts Down

In the internet’s ongoing evolution, there will always be tech companies that win and those that fall by the wayside. StumbleUpon, a content discovery platform that had its heyday in the early aughts, is officially shutting down on June 30.

Since its 2002 launch, the service has helped over 40 million users “stumble upon” 60 billion new websites and pieces of content. The company behind StumbleUpon plans to create a new platform that serves a similar purpose that may be more useful to former StumbleUpon users called Mix.

 

9. Uber and Lyft Invest in Driver Benefits

In spite of their ongoing success, the popular ridesharing platforms Uber and Lyft have faced their share of criticism since they came onto the scene. One of the common complaints critics have made is that the companies don’t provide proper benefits to their drivers. And in fact, the companies have fought to keep drivers classified legally as contractors so they’re off the hook for covering the cost of employee taxes and benefits.

Recently both companies have taken steps to make driving for them a little more attractive. Uber has begun offering Partner Protection to its drivers in Europe, which includes health insurance, sick pay, and parental leave ­ ­– so far nothing similar in the U.S. though. For its part, Lyft is investing $100 million in building driver support centers where their drivers can stop to get discounted car maintenance, tax help, and customer support help in person from Lyft staff. It’s not the same as getting full employee benefits (in the U.S. at least), but it’s something.

Source: https://www.hostgator.com/blog/june-tech-trends-to-watch/

Advertisements

What is GDPR – General Data Protection Regulation

Source Techcrunch.com

European Union lawmakers proposed a comprehensive update to the bloc’s data protection and privacy rules in 2012.

Their aim: To take account of seismic shifts in the handling of information wrought by the rise of the digital economy in the years since the prior regime was penned — all the way back in 1995 when Yahoo was the cutting edge of online cool and cookies were still just tasty biscuits.

Here’s the EU’s executive body, the Commission, summing up the goal:

The objective of this new set of rules is to give citizens back control over of their personal data, and to simplify the regulatory environment for business. The data protection reform is a key enabler of the Digital Single Market which the Commission has prioritised. The reform will allow European citizens and businesses to fully benefit from the digital economy.

For an even shorter the EC’s theory is that consumer trust is essential to fostering growth in the digital economy. And it thinks trust can be won by giving users of digital services more information and greater control over how their data is used. Which is — frankly speaking — a pretty refreshing idea when you consider the clandestine data brokering that pervades the tech industry. Mass surveillance isn’t just something governments do.

The General Data Protection Regulation (aka GDPR) was agreed after more than three years of negotiations between the EU’s various institutions.

It’s set to apply across the 28-Member State bloc as of May 25, 2018. That means EU countries are busy transposing it into national law via their own legislative updates (such as the UK’s new Data Protection Bill — yes, despite the fact the country is currently in the process of (br)exiting the EU, the government has nonetheless committed to implementing the regulation because it needs to keep EU-UK data flowing freely in the post-brexit future. Which gives an early indication of the pulling power of GDPR.

Meanwhile businesses operating in the EU are being bombarded with ads from a freshly energized cottage industry of ‘privacy consultants’ offering to help them get ready for the new regs — in exchange for a service fee. It’s definitely a good time to be a law firm specializing in data protection.

GDPR is a significant piece of legislation whose full impact will clearly take some time to shake out. In the meanwhile, here’s our guide to the major changes incoming and some potential impacts.

Data protection + teeth

A major point of note right off the bat is that GDPR does not merely apply to EU businesses; any entities processing the personal data of EU citizens need to comply. Facebook, for example — a US company that handles massive amounts of Europeans’ personal data — is going to have to rework multiple business processes to comply with the new rules. Indeed, it’s been working on this for a long time already.

Last year the company told us it had assembled “the largest cross functional team” in the history of its family of companies to support GDPR compliance — specifying this included “senior executives from all product teams, designers and user experience/testing executives, policy executives, legal executives and executives from each of the Facebook family of companies”.

“Dozens of people at Facebook Ireland are working full time on this effort,” it said, noting too that the data protection team at its European HQ (in Dublin, Ireland) would be growing by 250% in 2017. It also said it was in the process of hiring a “top quality data protection officer” — a position the company appears to still be taking applications for.

The new EU rules require organizations to appoint a data protection officer if they process sensitive data on a large scale (which Facebook very clearly does). Or are collecting info on many consumers — such as by performing online behavioral tracking. But, really, which online businesses aren’t doing that these days?

The extra-territorial scope of GDPR casts the European Union as a global pioneer in data protection — and some legal experts suggest the regulation will force privacy standards to rise outside the EU too.

Sure, some US companies might prefer to swallow the hassle and expense of fragmenting their data handling processes, and treating personal data obtained from different geographies differently, i.e. rather than streamlining everything under a GDPR compliant process. But doing so means managing multiple data regimes. And at very least runs the risk of bad PR if you’re outed as deliberately offering a lower privacy standard to your home users vs customers abroad.

Ultimately, it may be easier (and less risky) for businesses to treat GDPR as the new ‘gold standard’ for how they handle all personal data, regardless of where it comes from.

And while not every company harvests Facebook levels of personal data, almost every company harvests some personal data. So for those with customers in the EU GDPR cannot be ignored. At very least businesses will need to carry out a data audit to understand their risks and liabilities.

Privacy experts suggest that the really big change here is around enforcement. Because while the EU has had long established data protection standards and rules — and treats privacy as a fundamental right — its regulators have lacked the teeth to command compliance.

But now, under GDPR, financial penalties for data protection violations step up massively.

The maximum fine that organizations can be hit with for the most serious infringements of the regulation is 4% of their global annual turnover (or €20M, whichever is greater). Though data protection agencies will of course be able to impose smaller fines too. And, indeed, there’s a tiered system of fines — with a lower level of penalties of up to 2% of global turnover (or €10M).

This really is a massive change. Because while data protection agencies (DPAs) in different EU Member States can impose financial penalties for breaches of existing data laws these fines are relatively small — especially set against the revenues of the private sector entities that are getting sanctioned.

In the UK, for example, the Information Commissioner’s Office (ICO) can currently impose a maximum fine of just £500,000. Compare that to the annual revenue of tech giant Google (~$90BN) and you can see why a much larger stick is needed to police data processors.

It’s not necessarily the case that individual EU Member States are getting stronger privacy laws as a consequence of GDPR (in some instances countries have arguably had higher standards in their domestic law). But the beefing up of enforcement that’s baked into the new regime means there’s a better opportunity for DPAs to start to bark and bite like proper watchdogs.

GDPR inflating the financial risks around handling personal data should naturally drive up standards — because privacy laws are suddenly a whole lot more costly to ignore.

More types of personal data that are hot to handle

So what is personal data under GDPR? It’s any information relating to an identified or identifiable person (in regulatorspeak people are known as ‘data subjects’).

While ‘processing’ can mean any operation performed on personal data — from storing it to structuring it to feeding it to your AI models. (GDPR also includes some provisions specifically related to decisions generated as a result of automated data processing but more on that below).

A new provision concerns children’s personal data — with the regulation setting a 16-year-old age limit on kids’ ability to consent to their data being processed. However individual Member States can choose (and some have) to derogate from this by writing a lower age limit into their laws.

GDPR sets a hard cap at 13-years-old — making that the defacto standard for children to be able to sign up to digital services. So the impact on teens’ social media habits seems likely to be relatively limited.

The new rules generally expand the definition of personal data — so it can include information such as location data, online identifiers (such as IP addresses) and other metadata. So again, this means businesses really need to conduct an audit to identify all the types of personal data they hold. Ignorance is not compliance.

GDPR also encourages the use of pseudonymization — such as, for example, encrypting personal data and storing the encryption key separately and securely — as a pro-privacy, pro-security technique that can help minimize the risks of processing personal data. Although pseudonymized data is likely to still be considered personal data; certainly where a risk of reidentification remains. So it does not get a general pass from requirements under the regulation.

Data has to be rendered truly anonymous to be outside the scope of the regulation. (And given how often ‘anonymized’ data-sets have been shown to be re-identifiable, relying on any anonymizing process to be robust enough to have zero risk of re-identification seems, well, risky.)

To be clear, given GDPR’s running emphasis on data protection via data security it is implicitly encouraging the use of encryption above and beyond a risk reduction technique — i.e. as a way for data controllers to fulfill its wider requirements to use “appropriate technical and organisational measures” vs the risk of the personal data they are processing.

The incoming data protection rules apply to both data controllers (i.e. entities that determine the purpose and means of processing personal data) and data processors (entities that are responsible for processing data on behalf of a data controller — aka subcontractors).

Indeed, data processors have some direct compliance obligations under GDPR, and can also be held equally responsible for data violations, with individuals able to bring compensation claims directly against them, and DPAs able to hand them fines or other sanctions.

So the intent for the regulation is there be no diminishing in responsibility down the chain of data handling subcontractors. GDPR aims to have every link in the processing chain be a robust one.

For companies that rely on a lot of subcontractors to handle data operations on their behalf there’s clearly a lot of risk assessment work to be done.

As noted above, there is a degree of leeway for EU Member States in how they implement some parts of the regulation (such as with the age of data consent for kids).

Consumer protection groups are calling for the UK government to include an optional GDPR provision on collective data redress to its DP bill, for example — a call the government has so far rebuffed.

But the wider aim is for the regulation to harmonize as much as possible data protection rules across all Member States to reduce the regulatory burden on digital businesses trading around the bloc.

On data redress, European privacy campaigner Max Schrems — most famous for his legal challenge to US government mass surveillance practices that resulted in a 15-year-old data transfer arrangement between the EU and US being struck down in 2015 — is currently running a crowdfunding campaign to set up a not-for-profit privacy enforcement organization to take advantage of the new rules and pursue strategic litigation on commercial privacy issues.

Schrems argues it’s simply not viable for individuals to take big tech giants to court to try to enforce their privacy rights, so thinks there’s a gap in the regulatory landscape for an expert organization to work on EU citizen’s behalf. Not just pursuing strategic litigation in the public interest but also promoting industry best practice.

The proposed data redress body — called noyb; short for: ‘none of your business’ — is being made possible because GDPR allows for collective enforcement of individuals’ data rights. And that provision could be crucial in spinning up a centre of enforcement gravity around the law. Because despite the position and role of DPAs being strengthened by GDPR, these bodies will still inevitably have limited resources vs the scope of the oversight task at hand.

Some may also lack the appetite to take on a fully fanged watchdog role. So campaigning consumer and privacy groups could certainly help pick up any slack.

Privacy by design and privacy by default

Another major change incoming via GDPR is ‘privacy by design’ no longer being just a nice idea; privacy by design and privacy by default become firm legal requirements.

This means there’s a requirement on data controllers to minimize processing of personal data — limiting activity to only what’s necessary for a specific purpose, carrying out privacy impact assessments and maintaining up-to-date records to prove out their compliance.

Consent requirements for processing personal data are also considerably strengthened under GDPR — meaning lengthy, inscrutable, pre-ticked T&Cs are likely to be unworkable. (And we’ve sure seen a whole lot of those hellish things in tech.) The core idea is that consent should be an ongoing, actively managed process; not a one-off rights grab.

As the UK’s ICO tells it, consent under GDPR for processing personal data means offering individuals “genuine choice and control” (for sensitive personal data the law requires a higher standard still — of explicit consent).

There are other legal bases for processing personal data under GDPR — such as contractual necessity; or compliance with a legal obligation under EU or Member State law; or for tasks carried out in the public interest — so it is not necessary to obtain consent in order to process someone’s personal data. But there must always be an appropriate legal basis for each processing.

Transparency is another major obligation under GDPR, which expands the notion that personal data must be lawfully and fairly processed to include a third principle of accountability. Hence the emphasis on data controllers needing to clearly communicate with data subjects — such as by informing them of the specific purpose of the data processing.

The obligation on data handlers to maintain scrupulous records of what information they hold, what they are doing with it, and how they are legally processing it, is also about being able to demonstrate compliance with GDPR’s data processing principles.

But — on the plus side for data controllers — GDPR removes the requirement to submit notifications to local DPAs about data processing activities. Instead, organizations must maintain detailed internal records — which a supervisory authority can always ask to see.

It’s also worth noting that companies processing data across borders in the EU may face scrutiny from DPAs in different Member States if they have users there (and are processing their personal data).

Although the GDPR sets out a so-called ‘one-stop-shop’ principle — that there should be a “lead” DPA to co-ordinate supervision between any “concerned” DPAs — this does not mean that, once it applies, a cross-EU-border operator like Facebook is only going to be answerable to the concerns of the Irish DPA.

Indeed, Facebook’s tactic of only claiming to be under the jurisdiction of a single EU DPA looks to be on borrowed time. And the one-stop-shop provision in the GDPR seems more about creating a co-operation mechanism to allow multiple DPAs to work together in instances where they have joint concerns, rather than offering a way for multinationals to go ‘forum shopping’ — which the regulation does not permit (per WP29 guidance).

Another change: Privacy policies that contain vague phrases like ‘We may use your personal data to develop new services’ or ‘We may use your personal data for research purposes’ will not pass muster under the new regime. So a wholesale rewriting of vague and/or confusingly worded T&Cs is something Europeans can look forward to this year.

Add to that, any changes to privacy policies must be clearly communicated to the user on an ongoing basis. Which means no more stale references in the privacy statement telling users to ‘regularly check for changes or updates’ — that just won’t be workable.

The onus is firmly on the data controller to keep the data subject fully informed of what is being done with their information. (Which almost implies that good data protection practice could end up tasting a bit like spam, from a user PoV.)

The overall intent behind GDPR is to inculcate an industry-wide shift in perspective regarding who ‘owns’ user data — disabusing companies of the notion that other people’s personal information belongs to them just because it happens to be sitting on their servers.

“Organizations should acknowledge they don’t exist to process personal data but they process personal data to do business,” is how analyst Gartner research director Bart Willemsen sums this up. “Where there is a reason to process the data, there is no problem. Where the reason ends, the processing should, too.”

The data protection officer (DPO) role that GDPR brings in as a requirement for many data handlers is intended to help them ensure compliance.

This officer, who must report to the highest level of management, is intended to operate independently within the organization, with warnings to avoid an internal appointment that could generate a conflict of interests.

Which types of organizations face the greatest liability risks under GDPR? “Those who deliberately seem to think privacy protection rights is inferior to business interest,” says Willemsen, adding: “A recent example would be Uber, regulated by the FTC and sanctioned to undergo 20 years of auditing. That may hurt perhaps similar, or even more, than a one-time financial sanction.”

“Eventually, the GDPR is like a speed limit: There not to make money off of those who speed, but to prevent people from speeding excessively as that prevents (privacy) accidents from happening,” he adds.

Another right to be forgotten

Under GDPR, people who have consented to their personal data being processed also have a suite of associated rights — including the right to access data held about them (a copy of the data must be provided to them free of charge, typically within a month of a request); the right to request rectification of incomplete or inaccurate personal data; the right to have their data deleted (another so-called ‘right to be forgotten’ — with some exemptions, such as for exercising freedom of expression and freedom of information); the right to restrict processing; the right to data portability (where relevant, a data subject’s personal data must be provided free of charge and in a structured, commonly used and machine readable form).

All these rights make it essential for organizations that process personal data to have systems in place which enable them to identify, access, edit and delete individual user data — and be able to perform these operations quickly, with a general 30 day time-limit for responding to individual rights requests.

GDPR also gives people who have consented to their data being processed the right to withdraw consent at any time. Let that one sink in.

Data controllers are also required to inform users about this right — and offer easy ways for them to withdraw consent. So no, you can’t bury a ‘revoke consent’ option in tiny lettering, five sub-menus deep. Nor can WhatsApp offer any more time-limit opt-outs for sharing user data with its parent multinational, Facebook. Users will have the right to change their mind whenever they like.

The EU lawmakers’ hope is that this suite of rights for consenting consumers will encourage respectful use of their data — given that, well, if you annoy consumers they can just tell you to sling yer hook and ask for a copy of their data to plug into your rival service to boot. So we’re back to that fostering trust idea.

Add in the ability for third party organizations to use GDPR’s provision for collective enforcement of individual data rights and there’s potential for bad actors and bad practice to become the target for some creative PR stunts that harness the power of collective action — like, say, a sudden flood of requests for a company to delete user data.

Data rights and privacy issues are certainly going to be in the news a whole lot more.

Getting serious about data breaches

But wait, there’s more! Another major change under GDPR relates to security incidents — aka data breaches (something else we’ve seen an awful, awful lot of in recent years) — with the regulation doing what the US still hasn’t been able to: Bringing in a universal standard for data breach disclosures.

GDPR requires that data controllers report any security incidents where personal data has been lost, stolen or otherwise accessed by unauthorized third parties to their DPA within 72 hours of them becoming aware of it. Yes, 72 hours. Not the best part of a year, like er Uber.

If a data breach is likely to result in a “high risk of adversely affecting individuals’ rights and freedoms” the regulation also implies you should ‘fess up even sooner than that — without “undue delay”.

Only in instances where a data controller assesses that a breach is unlikely to result in a risk to the rights and freedoms of “natural persons” are they exempt from the breach disclosure requirement (though they still need to document the incident internally, and record their reason for not informing a DPA in a document that DPAs can always ask to see).

“You should ensure you have robust breach detection, investigation and internal reporting procedures in place,” is the ICO’s guidance on this. “This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals.”

The new rules generally put strong emphasis on data security and on the need for data controllers to ensure that personal data is only processed in a manner that ensures it is safeguarded.

Here again, GDPR’s requirements are backed up by the risk of supersized fines. So suddenly sloppy security could cost your business big — not only in reputation terms, as now, but on the bottom line too. So it really must be a C-suite concern going forward.

Nor is subcontracting a way to shirk your data security obligations. Quite the opposite. Having a written contract in place between a data controller and a data processor was a requirement before GDPR but contract requirements are wider now and there are some specific terms that must be included in the contract, as a minimum.

Breach reporting requirements must also be set out in the contract between processor and controller. If a data controller is using a data processor and it’s the processor that suffers a breach, they’re required to inform the controller as soon as they become aware. The controller then has the same disclosure obligations as per usual.

Essentially, data controllers remain liable for their own compliance with GDPR. And the ICO warns they must only appoint processors who can provide “sufficient guarantees” that the regulatory requirements will be met and the rights of data subjects protected.

tl;dr, be careful who and how you subcontract.

Right to human review for some AI decisions

Article 22 of GDPR places certain restrictions on entirely automated decisions based on profiling individuals — but only in instances where these human-less acts have a legal or similarly significant effect on the people involved.

There are also some exemptions to the restrictions — where automated processing is necessary for entering into (or performance of) a contract between an organization and the individual; or where it’s authorized by law (e.g. for the purposes of detecting fraud or tax evasion); or where an individual has explicitly consented to the processing.

In its guidance, the ICO specifies that the restriction only applies where the decision has a “serious negative impact on an individual”.

Suggested examples of the types of AI-only decisions that will face restrictions are automatic refusal of an online credit application or an e-recruiting practices without human intervention.

Having a provision on automated decisions is not a new right, having been brought over from the 1995 data protection directive. But it has attracted fresh attention — given the rampant rise of machine learning technology — as a potential route for GDPR to place a check on the power of AI blackboxes to determine the trajectory of humankind.

The real-world impact will probably be rather more prosaic, though. And experts suggest it does not seem likely that the regulation, as drafted, equates to a right for people to be given detailed explanations of how algorithms work.

Though as AI proliferates and touches more and more decisions, and as its impacts on people and society become ever more evident, pressure may well grow for proper regulatory oversight of algorithmic blackboxes.

In the meanwhile, what GDPR does in instances where restrictions apply to automated decisions is require data controllers to provide some information to individuals about the logic of an automated decision.

They are also obliged to take steps to prevent errors, bias and discrimination. So there’s a whiff of algorithmic accountability. Though it may well take court and regulatory judgements to determine how stiff those steps need to be in practice.

Individuals do also have a right to challenge and request a (human) review of an automated decision in the restricted class.

Here again the intention is to help people understand how their data is being used. And to offer a degree of protection (in the form of a manual review) if a person feels unfairly and harmfully judged by an AI process.

The regulation also places some restrictions on the practice of using data to profile individuals if the data itself is sensitive data — e.g. health data, political belief, religious affiliation etc — requiring explicit consent for doing so. Or else that the processing is necessary for substantial public interest reasons (and lies within EU or Member State law).

While profiling based on other types of personal data does not require obtaining consent from the individuals concerned, it still needs a legal basis and there is still a transparency requirement — which means service providers will need to inform users they are being profiled, and explain what it means for them.

And people also always have the right to object to profiling activity based on their personal data.

 

Source: https://techcrunch.com/2018/01/20/wtf-is-gdpr/

Harvards View on Types of Project Managers

Read harvard business review here: https://hbr.org/2017/07/the-4-types-of-project-manager

Few issues garner more attention among top executives than how best to grow their organizations. However, few executives work systematically with the types of employees they need to realize various growth opportunities. Your organization’s growth opportunities fall into four different categories, and in order to develop your business in a commercially sustainable manner, you need four specific types of project manager to pursue them. These types emerged from our ongoing work of understanding how different business development projects can drive strategic renewal in organizations, and the matrix below has helped in capturing potential misalignments between employees and projects.

The employee types and the growth opportunities that they are best at pursuing can be positioned along two dimensions: (1) Is the growth opportunity in line with our existing strategy? (2) Can a reliable business case be made? These two questions create a matrix that distinguishes the four different kinds of project leaders, each of which is optimally suited for a different type of project.

Will every organization need all four types of employees to sustainably develop and grow their organizations? We argue that even the most stable and conservative industries may be threatened by disruption — and the most dynamic and hypercompetitive industries also entail incremental growth opportunities that can be quantified and realistically assessed. Consequently, there is often a job for all four types of employees in most organizations, although the optimal dose of each can differ. At the very least, executives need to be aware of the variety of growth opportunities that they may be losing out on by leaning heavily on a single type of project manager.

The Four Types

The four types pursue different growth opportunities and follow different communicative logics to gain support within the organization (see the table below). In other words, you need them all because they see and support different types of growth opportunities. In that respect, they complement each other. This does not necessarily mean that you need an equal number of each, as most organizations must predominantly rely on executors to ensure the alignment and feasibility needed to maintain profits in the short term. However, you will need a few prophetsgamblers, and experts to be able to identify and pursue growth opportunities at the periphery that can help you renew your organization beyond the chosen path. In the following, we further explain the characteristics of each of the different types.

Prophet. This type of project manager actively pursues business opportunities that lie outside the existing strategic boundaries in an area where it is extremely difficult to obtain trustworthy data concerning the likelihood of success. Hence, the prophet seeks to gain organizational followers for a grand vision of a growth opportunity that is strategically different from the status quo — and without trustworthy quantitative evidence, consequently relying on organizational members making a leap of faith in support of the vision. Obviously, running such projects is risky, as it is likely that the growth opportunities will not materialize, and therefore that the employee may be a “false prophet.” Be that as it may, a prophet is needed to challenge the existing strategy and to pursue overlooked growth opportunities.

A constructive use of this employee type is found at Google, which has a unit called X (formerly Google X), which is a self-proclaimed moonshot factory. Employees in this unit seek to solve big problems using breakthrough technologies and radical solutions. Hence, the projects in X tend to be outside Google’s current domain and strategic focus. In such projects, it is typically impossible to realistically assess the likelihood of success before they are tried out.

Gambler. This type of project manager actively pursues business opportunities that lie within the existing strategic boundaries but have no good business case attached, as trustworthy data concerning the likelihood of success is lacking. Hence, the gambler seeks to gain organizational followers for a big bet on a growth opportunity that is consistent with the current strategy but without trustworthy quantitative evidence. In other words, gamblers play by the rules of the game as they pursue growth opportunities within the existing strategy, but they cannot predict the likelihood of success. Consequently, the gambler seeks to engage other organizational members who also like bets. This can obviously be viewed as an uncertain path, as there is some likelihood that the growth opportunities are not feasible and that they may therefore result in significant losses. However, gamblers are necessary, as they can update the existing strategy by pursuing analytically overlooked growth opportunities.

This type of project champion is documented in a study by Paddy Miller and Thomas Wedell-Wedellsborg, which shows that MTV’s first digitally integrated and interactive program, Top Selection, was initially tried under the radar before the project’s backers had sufficient proof of concept to get managerial approval to continue. This project was driven by gamblers, as they stayed inside the existing strategic boundaries but were unable to document the likelihood of success before the idea had been tested.

Expert. This type of project manager actively pursues business opportunities that lie outside the existing strategic boundaries but for which trustworthy data builds a solid business case. Hence, experts wish to gain organizational followers for a change in action in favor of a growth opportunity that is inconsistent with the current strategy but is supported by solid, trustworthy quantitative evidence. Consequently, experts rely on organizational members actually listening to their advice. Although the growth opportunities are well supported and should therefore be feasible, the main challenge is to make organizational members aware of the need for strategic change and of the urgent need to act in this regard. The expert is needed to challenge the existing strategy by pursuing well-supported growth opportunities that lie outside the organization’s current strategy.

Experts in action are seen in the well-known story of Intel’s transition from memory chips to microprocessors, where key employees within the organization tried to persuade Intel’s management of the value of the opportunity for some time. It took the executive team several years of internal soul-searching before they were ready to make the organizational transition. In this case, the growth opportunity was outside the existing strategy, but it was possible to document the commercial potential and the likelihood of success with some certainty.

Executor. This project manager actively pursues business opportunities that lie within the existing strategic boundaries and have great cases. The executor gains organizational followers for a sure-thing growth opportunity that is consistent with the current strategy and is backed by trustworthy quantitative evidence. In other words, there is no risk, no uncertainty, and no challenge — just a need for execution. Consequently, executors rely on organizational members to follow their rigorous analyses of a strategically embraced project. This can be viewed as the most certain path to success, as the growth opportunity is well documented and aligned with the existing strategy. However, the executor can only point to a limited number of growth opportunities that are low-hanging fruit — the executor cannot provide insights into the more radical and unknown business opportunities. Many who bear the formal title of business developer systematically analyze, prepare, and support growth opportunities that lie within the strategic boundaries and for which it is possible to realistically assess the likelihood of success.

For instance, DuPont has a systematic approach for assessing and implementing growth opportunities. It entails a phased and systematic handling of new opportunities within a disciplined framework built on best practices, providing standardized guidance throughout the process from initial concept to subsequent commercialization. A comprehensive business case is essential to initiate the process — and as the approach involves key work streams and “blocks of work” that the core team must plan and execute in an effective manner, it is particularly suitable for executors.

How Do They Interact?

The various types of project managers may struggle in their interactions with each other. For instance, a prophet may see an executor as overly bureaucratic and rigid, while an executor may view a prophet as unrealistic and disorganized. Consequently, conflict tends to loom among the different types.

What typically happens is that the logic of one of the types becomes dominant throughout the organization. The fact that a single logic pervades the organization at the expense of the others may mean that key employees of a different type leave the organization and take their ideas with them. Moreover, relying on a single type of logic may lead to organizational inertia, which is dangerous in dynamic and evolving markets. You need to ensure enough room for all of the logics within the organization, ideally by introducing boundary-spanning individuals who can navigate among these logics. In this regard, it is beneficial if top management adopts a “bridging” role to allow for coexistence and diversity.

As an executive, you can similarly seek to stimulate a fruitful understanding and interaction among the different types of employees. For instance, having identified the different types within your organization, you can set up a workshop where one type meets and discusses with their alter ego (that is, executors talk to prophets, and gamblers talk to experts). This interaction can help clarify differences in opinions, routines and values — which may help create a greater mutual understanding and respect among the different employee types.

Do Executives Contribute to the Problem?

Executives partly contribute to unsuccessful projects and unrealized growth opportunities when they don’t think through who should be assigned to which projects. Prophets, gamblers, experts, and executors each have their own strengths and weaknesses that are optimally suited to fit certain project types. Therefore, no type is inherently better or rarer than the others.

Executives contribute to organizational failure when they misalign projects and project managers, but this fact is often hidden in the ruins of a failed project. There may be a tendency to see prophets and gamblers featuring on prominent magazine covers or taking newspaper headlines if they succeed with their high-profile projects. For this reason, executives tend to assume that prophets and gamblers are the best. In such cases, executives may be likely to promote good executors to run a prophet-type project, as senior management may think that the executor is finally ready for this big opportunity (with potentially disastrous results). Or executives may assume that they should tap prophets to run a project that really needs a great executor — which may lead to managerial befuddlement when the prophet doesn’t succeed. Instead of assuming that certain types are better than others, executives need to be aware of, value, and give appropriate room to all four types — and match them with the right projects.

The bottom line is that the diversity of styles offers a competitive advantage in terms of business development, and all four types are necessary pieces of your organizational constellation, even though the optimal dose of each may differ. As an executive, it is crucial that you:

  • Make sure you have each type within your organization
  • Make room for each type to work in their own manner
  • Make sense of their respective ideas, by following their respective logics
  • Make time for matching projects and project managers correctly

Meeting the various types where they are, and paying attention to their diverse ways of thinking, will help you obtain the needed diversity among your employees to develop your business. Moreover, this resonates with comprehensive findings that emphasize that the hallmark of great managers is that they discover and capitalize on the unique strengths of individual employees.

Growth and business development are top priorities in most C-suites across the globe, but too few executives focus on maintaining a wide range of people to ensure the identification of novel opportunities. Therefore, executives who want to develop their businesses need to first develop the right amount of staff diversity to drive a diverse portfolio of growth opportunities. Only when diverse people are on board can an organization drive commercially sustainable growth.


Carsten Lund Pedersen is Postdoc at the Department of Strategic Management and Globalization at Copenhagen Business School, where he researches in project-based strategy, employee autonomy and matching employee types with business development projects.


Thomas Ritter is a Professor of Market Strategy and Business Development at the Department of Strategic Management and Globalization at Copenhagen Business School, where he researches business model innovation, market strategies, and market management.

 

 

 

 

 

Take Down Request by the Spiegel Germany Online

Dear Spiegel Online (www.spiegel.de)

Never before in the existence of this personal blog (since 2011 – the day Steve Jobs died) have we received an article take down request where a correctly quoted article that we posted was requested to be taken down AND a website wanted money for the max. 1-2 hours that we had the article online.

Our vision: We create Innovation, enable exchange and try to give the best ideas to the world by always correctly quoting them.

By following take down requests immediately (yesterday it took us 10 minutes between their email at 14.47 and us having it taken down fully at 14.57) we comply with the internet rule-set of respecting other wishes fully. As a consequence we have never encountered any troubles with anyone and we would like to keep that this way.

Since June 19th 2017. Then it happenend: German Online Newspaper The Spiegel, head of law department Jan Siegel, requested the take down of the cooperational column written by internet activist Sascha Lobo that we thought would fit perfectly to the innovational approach on our website. We are not sure if we can post the link to the article but as a reference here it goes:

http://www.spiegel.de/netzwelt/netzpolitik/homepod-alexa-und-co-bevormundung-durch-kuenstliche-intelligenz-kolumne-a-1151017.html

We are deeply sorry that we cannot feature Sascha Lobo anymore, although he states on his website that his texts can be used under the Creative Commons Licence when correctly quoted by naming him as author and with the URL provided and most importantly unchanged. That’s what we did and now “The Spiegel” tries to money punish us with this?

So the authors rights are diminished by the newspapers rights?
Does anybody understand German author rights?
The author explicitly states on his website  http://saschalobo.com/impressum/ „Die Texte (mit Ausnahme der Kommentare durch Dritte) stehen sämtlich unter der Creative Commons-Lizenz (CC-BY-NC-SA 2.0 DE).“
In our understanding this means that you can use the text under the Creative Commons Licence for free when being private like here at dieidee.eu. So that the newspaper later cannot deny this and cannot punish you with money requests for literally a handful article impressions?

We hope to be able to resolve this matter in a friendly and respectful way with the Spiegel as we state here clearly no harm done, no harm will be done in the future, and please state clearly on your website which author (or internet activist as with Sascha Lobo) allows the usage of his texts on any internet website.

Your thankfully
dieidee.eu

How Banks Can Compete Against an Army of Fintech Startups

It’s been more than 25 years since Bill Gates dismissed retail banks as “dinosaurs,” but the statement may be as true today as it was then. Banking for small and medium-sized enterprises (SMEs) has been astonishingly unaffected by the rise of the Internet. To the extent that banks have digitized, they have focused on the most routine customer transactions, like online access to bank accounts and remote deposits. The marketing, underwriting, and servicing of SME loans have largely taken a backseat. Other sectors of retail lending have not fared much better. Recent analysis by Bain and SAP found that only 7% of bank credit products could be handled digitally from end to end.

The glacial pace at which banks have moved SME lending online has left them vulnerable. Gates’ original quote contended that the dinosaurs can be ”bypassed.” That hasn’t happened yet, but our research suggests the threat to retail banks from online lending is very real. If U.S. banks are going to survive the coming wave in financial technology (fintech), they’ll need to finally take digital transformation seriously. And our analysis suggests there are strategies that they can use to compete successfully online.

Lending to small and medium-sized businesses is ready to move online

Small businesses are starting to demand banking services that have engaging web and mobile user experiences, on par with the technologies they use in their personal lives. In a recent survey from Javelin Research, 56% of SMEs indicated a desire for better digital banking tools. In a separate, forthcoming survey conducted by Oliver Wyman and Fundera (where one of us works), over 60% of small business owners indicated that they would prefer to apply for loans entirely online.

In addition to improving the experience for business owners, digitization has the potential to substantially reduce the cost of lending at every stage of the process, making SME customers more profitable for lenders, and creating opportunities to serve a broader swath of SMEs. This is important because transaction costs in SME lending can be formidable and, as our research in a recent HBS Working Paper indicates, some small businesses are not being served. Transaction costs associated with making a $100,000 loan are roughly the same as making a $1,000,000 loan, but with less profit to the bank, which has led to banks prioritizing SMEs seeking higher loan amounts. The problem is that about 60% of small businesses want loans below $100,000. If digitization can decrease costs, it could help more of these small businesses get funded.

New digital entrants have spotted the market opportunity created by these dynamics, and the result is an explosion in online lending to SMEs from fintech startups. Last year, less than $10 billion in small-business loans was funded by online lenders, a fraction compared to the $300 billion in SME loans outstanding at U.S. banks. However, the current meager market share held by online lenders masks immense potential: Morgan Stanley estimates the total addressable market for online SME lenders is $280 billion and predicts the industry will grow at a 47% annualized rate through 2020. They estimate that online lenders will constitute nearly a fifth of the total SME lending market by then. This finding confirms what bankers fear: digitization upends business models, enabling greater competition that puts pressure on incumbents. Sometimes David can triumph over Goliath. As JPMorgan Chase’s CEO, Jamie Dimon, warned in a June 2015 letter to the bank’s shareholders, “Silicon Valley is coming.”

Can banks out-compete the disruptors?

Established banks have real advantages in serving the SME lending market, which should not be underestimated. Banks’ cost of capital is typically 50 basis points or less. These low-cost and reliable sources of funds are from taxpayer-insured deposits and the Federal Reserve’s discount window. By comparison, online lenders face capital costs that can be higher than 10%, sourced from potentially fickle institutional investors like hedge funds. Banks also have a built-in customer base, and access to proprietary data on depositors that can be used to find eligible borrowers who already have a relationship with the bank. Comparatively, online lenders have limited brand recognition, and acquiring small business customers online is expensive and competitive.

But banks’ ability to use these strengths to build real competitive advantage is not a forgone conclusion. The new online lenders have made the loan application process much more customer-friendly. Instead of walking into a branch on Main Street and spending hours filling out paperwork, borrowers can complete online applications with lenders like Lending Club and Kabbage in minutes and from their laptop or phone at any hour of the day. Approval times are cut to days or, in some cases, a few minutes, fueled by data-driven algorithms that quickly pre-qualify borrowers based on a handful of data points such as personal credit scores, Demand Deposit Account (DDA) data, tax returns, and three months of bank statements. Moreover, in instances where borrowers want to shop and compare myriad options in one place, they turn to online credit brokers like Fundera or Intuit’s QuickBooks Financing for a one-stop shopping experience. By contrast, banks — particularly regional and smaller banks — have traditionally relied on manual, paper-intensive underwriting processes, which draw out approval times to as much as 20 days.

The questions banks should ask themselves

We see four broad strategies that traditional banks could pursue to compete or collaborate with emerging online players—and in some cases do both simultaneously. The choice of strategy depends on how much investment of time and money the bank is willing to make to enter the new marketplace, and the level of integration the bank wants between the new digital activities and their traditional operations.

Two of the four options are low-integration strategies in which banks contract for new digital activities in arms-length agreements, or pursue long-term corporate investments in separate emerging companies. This amounts to putting a toe in the water, while keeping current operations relatively separate and pristine.

On the other end of the spectrum, banks choose higher-integration strategies, like investing in partnership arrangements, where the new technologies are integrated into the bank’s loan application and decision making apparatus, sometimes in the form of a “white label” arrangement. The recent partnership between OnDeck and JPMorgan Chase is such an example. Some large and even regional banks have made even more significant investment to build their own digital front ends (e.g. Eastern Bank). And as more of the new fintech companies become possible acquisition targets, banks may look to a “build or buy” strategy to gain these new digital capabilities.

For banks that choose to develop their own systems to compete head-on with new players, significant investment is required to automate routine aspects of underwriting, to better integrate their own proprietary account data, and to create a better customer experience through truly customer-friendly design. The design and user experience aspect is especially out of sync with bank culture, and many banks struggle with internal resistance.

Alternatively, banks can partner with online lenders in a range ways – from having an online lender power the bank’s online loan application, to using an online lender’s credit model to better underwrite and service bank loan applications. In these options, the critical question is whether the bank wants to keep its own underwriting criteria or use new algorithms developed by its digital partner. Though the new underwriting is fast and uses intriguing new data, such as current bank transaction and cash flows, it’s still early days for these new credit scoring methods, and they have largely not been tested through an economic downturn.

Another large downside of partnering with online lenders is the significant level of resources required for compliance with federal “third party” oversight, which makes banks responsible for the activities of their vendors and partners. In the U.S., at least three federal regulators have overlapping requirements in this area, creating a dampening effect that regulatory reform in Washington could serve to mitigate.

Banks that prefer a more “arm’s-length” arrangement have the option to buy loans originated on an alternative lender’s platform. This allows a bank to increase their exposure to SME loans and pick the credits they wish to hold, while freeing up capital for online lenders. This type of partnership is among the most prolific in the online small business lending world, with banks such as JPMorgan Chase, Bank of America, and SunTrust buying assets from leading online lenders.

The familiar David vs. Goliath script of the scrappy, internet-fueled startup vanquishing the clunky, brick-and-mortar-laden incumbent is repeated so often in startup circles that it is sometimes treated as inevitable. But in the real world, sometimes David wins, other times Goliath wins, and sometimes the right solution involves a combination of both. SME lending can remain a big business for banks, but only with deliberate choices about where to play and how to win. Banks must focus on areas where they can build a distinct competitive advantage, and find ways to partner with or learn from the new innovators.

https://hbr.org/2017/04/how-banks-can-compete-against-an-army-of-fintech-startups

Der Kreis derer, die als Chief Disruption Officer überhaupt nur annähernd in Betracht kommen, hat den Radius „null“

Ich bin eine eierlegende WollMilchSau – und der neue Chief Disruption Officer Deiner Firma!

Eierlegende Wollmilchsau

Eierlegende Wollmilchsau

Fotolia #83825279 | Urheber: jokatoons

Herausforderung: die Auftragsklärung

Ein neuer CDO soll bei den Konzernen oft den „Tanker bewegen und in Schnellboote verwandeln“, schließlich hört und liest man ja überall von Startups, Agil, Dynamik, Disruption und stetiger Veränderung. Da stellt sich doch die Frage (typischerweise an HR) wer erstellt den das JobProfil für einen Job, den es noch nie gab und dessen Ziele so faszinierend unterschiedlich, ja widersprüchlich sind. Schließlich wird jeder seine eigene Vorstellung davon haben, was der künftige CDO „endlich“ angehen soll – fragen Sie doch mal Kollegen aus unterschiedlichen Funktionen!

In der folgenden Liste habe ich einmal einige (Achtung Buzzword-Bingo) zusammengefasst:

Typische CDO Erwartungsperspektiven:

  • Neue(s) Business Modell(e) finden, entwickeln und bitte gleich den Return on Investment im ersten Jahr sicherstellen
  • Change Manager (Disruption, Innovation…) der die gesamte Organisation in die neue Arbeitswelt führt
  • Neue Vertriebs- und Finanzierungskanäle – vom Crowdfunding über Crowdstorming, Crowdworking und Social Marketing
  • Digital Mindset / Organisationsentwicklung – nachhaltige Veränderung der Unternehmenskultur
  • Board Coaching / Trainer für die anderen Vorstände
  • Smart Factory – die intelligente Fabrik, digitalisierte, automatisierte und vernetzte Produktionsumgebungen mit neuen agilen Werkzeugen bis zur Losgröße 1 (zugleich stetig wachsender Fokus auf Service-Orientierung stattfindet – also „nicht-produktion“)
  • BigData / Analytics / Predictive – alles was man mit Daten, deren Analyse und Vorhersagbarkeit so treiben kann
  • Rechtsanwalt – Arbeit 4.0, Zusammenarbeit mit Externen, Compliance… siehe unten „illegal“
  • Neues IT Framework – moderne Softwarearchitekturen, Werkzeuge und Apps einführen
  • Digitales Vorbild / Botschafter – Sichtbar werden für neuen Arbeitsstil, Führungskultur – am Besten auch nach außen werbewirksam
  • Digitale Prozesse / Digitale Effizienz – den systemischen Organisationsmotor generalsanieren
  • Social Media extern – von Arbeitnehmerattraktivität über Recruiting (von natürlich Digital Professionals) bis zu Wirkungsverbesserung durch virales Marketing
  • Interne Kommunikation und Zusammenarbeit (Enterprise Social Networking)… – die gesamte Belegschaft, inklusive Fabrikarbeiter mobil, vernetzt, zeit- und orts-unabhängig sowie skallierbar in Arbeit 4.0 führen

Diese Liste an Erwartungen ist sicher alles andere als vollständig, soll aber zeigen, dass es nicht einfach ist, das Profil für diese Position so zu definieren, dass der Inhaber überhaupt eine Chance hat Wirkung zu entfalten. Schließlich gilt es neben den fachlichen Aufgaben auch die bestehende Kultur, Politik, Seilschaften etc. kennen zu lernen und dann nachhaltig zu verändern.

Herausforderung: Woher nehmen, diese CDO – eierlegende WollMilchSau?

Wie einer der Headhunter mal so schön formulierte:

„der Kreis derer, die als CDO überhaupt nur annähernd in Betracht kommen, hat den Radius „null““

Es gibt keine Ausbildung zum CDO, typische Karrierewege erzeugen meist „system-stabilisierende“ Vertreter, wer will einem „jungen Wilden“ die Verantwortung über einen Konzern geben. Die Zahl derer, die in ähnlichen Rollen erfolgreich sind, ist äußerst überschaubar – Nachahmung schwierig- und oft auch nicht einfach übertragbar… auch die großen Consulting Riesen sind hier sicher keine Hilfe, da deren Reifegrad hier ähnlich jungfräulich ist (Es gibt keine Blaupausen, die man aus der Schublade ziehen könnte, keine Beweise, kaum Studien die als Handlungsanleitung taugen)

Also wird nach Kompromissen gesucht, das kann dann z.B. so aussehen:

  • wir nehmen eine(n), der schon Vorstand war/ist … dort findet man kaum Digital Natives (damit ist nicht vorrangig das Alter, vielmehr deren Haltung gegenüber neuen, disruptiven Entwicklungen gemeint, die noch nicht allgemein als erfolgreich, bleibend und wichtig/prägend anerkannt sind), aus Karrieregründen kaum jemanden, der mit Transparenz, Beteiligung und agilen Methoden risikofreudig umgeht
  • wir nehmen eine(n), der IT kann … wohl einer der häufigsten Fehler, Digitale Transformation mit IT zu verwechseln. Wohl ist ein guter Teil (ca. 20%) mit Software, Tools und IT KnowHow verbunden, der Großteil geht aber um völlig andere (oft sehr IT fremde) Themen – es geht sehr viel um Führung! siehe Liste oben
  • wir nehmen eine(n), der schon ein Startup erfolgreich gemacht hat … das führt auf beiden Seiten zu großen Enttäuschungen: Freiheit, Sicherheit, Vorgaben, Rahmenbedingungen, Größe, Internationalität… Assimilation garantiert
  • wir nehmen jemanden, der Karriere machen will und großes Potential zeigt … Wer Karriere machen will ist meist doch recht Regel-konform unterwegs. Wer traut es sich „alles“ in Frage zu stellen bei einem System, in dem er/sie groß werden will? Risikobereitschaft, Fehler machen (dürfen) sind nicht die üblichen Treiber einer erfolgreichen Karriere
  • wir suchen jemanden von Extern – klar, neue Besen kehren gut… wie sieht es aber mit der damit verbundenen sehr langen Anlaufzeit aus. Kann es sich z.B. ein Automobilkonzern in der heutigen Lage leisten jetzt mit jemandem bei null anzufangen, was die internen Kenntnisse, Netzwerke (oder besser Verstrickungen), Politik, Kultur angeht?

Den „fertigen“ CDO zu finden dürfte also ein schwieriges Unterfangen sein – eine Lösung wäre in meinen Augen mit der aktuellen Priorität zu beginnen und zu versuchen die fehlenden Merkmale zu intern zu entwickeln (ideal parallel mit allen anderen). Neben Kultur, Führung ist sicher „neues, konstantes Lernen“ auf allen Ebenen höchst relevant.

aus: https://www.linkedin.com/pulse/der-cdo-wirds-schon-richten-harald-schirmer