Jan 16, 2020 12:00:00 AM | EU GDPR Compliance is Becoming a Key Point for Brands

Reports have indicated that people have become increasingly critical about their data on how it's stored and what it is being used for. It has become paramount that businesses take the extra steps in ensuring a secure and privacy compliant way of handling such personal data. As pressure heaps on businesses and brands to adopt this data privacy centered culture, why is it vital for brands to use compliance to their advantage, and not see it as a burden?

As we enter 2020, experts speculate that data protection will be the most important aspect of the new decade. The introduction of the GDPR has brought a data privacy necessity that emphasises the importance of data transparency. The EU’s privacy regulation has brought on various financial fines being issued since it’s enforcement, which not only cost businesses their assets, but in many cases, their reputation as well. Consumers have become increasingly aware about how important their data can be, and businesses are just as aware about how important it is to make sure that data is handled adequately. Data privacy and data protection has not just become another business obligation, but it has also become a social expectation.    

Data privacy compliance is the new “in”

Security platform company, Ping Identity, shared their report in 2018 on Consumer Behaviour Post Data Breach. The research involved 3,000 consumers from the United Kingdom, Germany, France, and the United States, with the aim to understand consumer behaviour to a particular brand after it had suffered a data breach. The report revealed that of the consumers who were a victim of a data breach, 78% said they would stop engaging online with the brand that had suffered the breach, while 36% had answered that they would stop engaging with the brand, completely. In 2019, open source service platform provider Acquia, conducted a survey that involved 1,000 consumers in the US, to gather their opinions and preferences on data handling. As the research considered the enforcement of the GDPR and what was at the time the soon to be enforced CCPA, 55% of the respondents still didn’t know how brands were using their data. Additional findings included that 65% consumers stated that they would stop using and engaging with a brand if it was found to be dishonest about how they were using their data. What the Acquia survey further emphasised was just how important a two-way communication is between a company and its consumers when it comes to their data usage.

As the numbers may suggest, data protection is not the only aspect that consumers look for in brands. Along with that, the pressure of how such data is handled has also become apparent. With the necessities to comply with the GDPR or face the financial penalties that may come of not doing so, as well as the pressure of consumer expectations, in this blogpost, we look into what the outcome looks like for brands who learn to use this pressure to their advantage, instead of seeing it as a burden.    

Meeting the demand: Compliance & consumer trust

Cybersecurity software provider, CheckPoint, conducted a survey to also understand what GDPR compliant businesses gained in terms of consumer trust. Of the 1,000 different companies across France, Germany, Italy, Spain, and the UK, the results revealed that 74% of businesses believe that their GDPR compliance efforts has not only boosted data security, but at the same time it has also impacted a substantial growth in consumer trust. The CheckPoint report showed significant growth in GDPR compliance initiatives from EU based companies. Most respondents showed that they were more confident with data handling as they took appropriate steps to secure such sensitive data, while 83% said that their business used cloud based solutions and that the decision to do so has moved data security habits forward.

Furthermore, according to the 2019 research conducted by the Capgemini Research Institute, of the 1,100 companies involved in their survey, 92% of companies who were GDPR compliant reported significant increases in brand awareness and a significant rise in consumer trust. The report showed that 81% of companies who were GDPR compliant had a large increase in reputation. This was also the case for companies when developing loyalty programs, where four out of five GDPR compliant companies reported a far significant increase in consumer participation in their loyalty programs upon taking the right steps in ensuring data privacy compliance, and communicating it to the audience.

Lastly, the Capgemini report also revealed an internal benefit from the compliant companies as 79% of them had reported employee morale, in terms of creativity, trust, participation, and an overall performance in gathering the right data for the right purposes. The research also revealed that informing consumers about how their data was managed was not only a beneficial move, but the fact that strategic data gathering allowed businesses to filter more applicable data. Consumers who were fully aware about how their information was used, were more willing to engage. This engagement allowed the businesses to organise data belonging to more qualified consumers who have shown interest as well as trust with their brands.   

Compliance: benefit, not burden

However, despite the visible benefits as well as the pressures of being GDPR compliant, there are still challenges that companies tend to face. GDPR fines are still being handed to companies and public bodies of all kinds, of all sizes, ranging from multinational corporations to SMEs. In fact, in the UK alone, more than half of businesses are still not fully GDPR compliant, according to a 2019 GDPR compliance report done by Egress. The report also demonstrated that 52% of the businesses involved in the research were aware that they were not compliant, and 42% admitted that despite taking the right steps, they were still not fully compliant, leaving them prone to fines. At the same time, the demand for transparency on data handling coming from consumers is also on the rise. According to the European Data Protection Board (EDPB), as of the May 2019 report (one full year of the GDPR’s enforcement), of the 281,000+ cases that had been reported to Data Protection Authorities in 27 different member states, 89,200+ were data breach reports. 

Non-compliance: consequences

According to international law firm C/M/S’s GDPR Enforcement Tracker, up to today, a total of over €418,000,000 has been issued in fines for non-compliance with the GDPR, communicated by respectful Data Protection Authorities in 23 different EU/EEA member states. As the GDPR fines are still being handed out to this day, to companies large and small, organisations  will need to find the balance on how they can bridge data privacy and customer satisfaction. The numerical statistics not only put out just how much asset organisations that are not complied with the GDPR may lose due to financial penalties, but it also gives way for a shifted public perception to that specific business and their data management.

It is up to brands to further build on faith, trust, and transparency that might have been flawed in the public’s perception.

Taking customer satisfaction into account, market intelligence agency Mintel, carried out a research in 2018, that had been conducted a few months after the GDPR’s introduction. The results indicated that consumers in the UK were still very concerned about sharing their data to companies. In fact, 71% of the respondents had said that they try to avoid creating new accounts with companies just due to the fact that there is a need to exchange information to a new brand. This further suggests that data privacy might just be the new brand selling point to a public very aware about the importance of sensitive data handling. Over in the US, a survey done last year by data organising platform, Tealium on 1,000 consumers based in the US, revealed that 97% of the consumers show large concerns on how much data they are sharing with organisations. Additionally, the report indicated that although not all of the consumers involved in the study were found to have fully understood the GDPR and the CCPA, a significant 91% had expressed how they would like governments to further “adopt strict rules on companies” to protect consumer personal information and that they would like to always see further government interventions when it comes to mishandling consumer data.

With all the reports that have been shared, and the numerical significance that can be there to suggest that a consumer perception shift has been created to be more wary of data privacy and data handling, it is important to note that companies will need to take the extra steps in achieving GDPR compliance. Not only does this lessen the chances of financial penalties, but as it suggests, it would also provide organisations key advantages.

Our stance in compliance efforts

Here at PrivacyPerfect, we believe in emphasising that bridge between GDPR compliance and consumer trust by helping companies achieve a seamless and GDPR compliant data management process. By offering companies a regularly updated, structured, secure, explained, and time efficient platform to manage large amounts of data, we strive for GDPR compliance on an efficient process. We have provided a link to a 14-Day Free Trial, where you can explore these possibilities. Or, make sure you know the required steps through our Free Ultimate GDPR Guide, written by our privacy experts to help you understand compliance efforts, in a simplified walk-through step guide.