How GDPR and Data Subject Rights Became Your Biggest Advantage

I talk about the General Data Protection Regulation (GDPR) a lot. Most organisations I speak to have spent the past year or so preparing for, and worrying about, the impact of GDPR on their business.

But stepping outside the corporate bubble and putting aside the views of business leaders yields some insights from consumers that can’t be ignored.

A recent Veritas study of 12,500 people across 14 countries found that:

  • 92% of consumers are concerned about the privacy of their data
  • 2 in 5 consumers believe most businesses don’t know how to protect their personal data
  • 62% would stop buying from a business that fails to protect their data.

Consumers may not be thinking as obsessively about data security as companies are, but they’re certainly thinking about it, and are willing to take action against organisations that misuse their data.

For some, this will be a significant cause for concern, but there’s a flip side to this coin: GDPR can be good for business. All the evidence shows that many consumers will fight for control over their personal data. Giving them that control, instead of fighting it, could be the key to success in a post-GDPR world.

Consumers have the power, and they won’t be afraid to use it

Thanks to GDPR, the rights of data subjects have grown, and consumers have significant control over the way their data is used by businesses. The balance of power has fundamentally shifted from company to customer.

Veritas’ research confirms that consumers are highly aware of this new power:

  • 74% of consumers surveyed said they would report a business to the regulators if it failed to safeguard their data
  • 81% say they would tell friends and family to boycott an organisation that misused data
  • 65% would post negative comments about the business online
  • 48% would abandon their loyalty to a brand and consider turning to a competitor.

 

106898-001_VER_Business Brains-blog image.jpgThanks to a recent torrent of hacks, breaches and, arguably, GDPR itself raising awareness of the issue of data security, consumer trust in companies’ ability to care for their personal data is being steadily eroded. That lack of trust may be the single biggest issue facing organisations today, and it has a direct impact on brand loyalty and future revenues.

I suspect that most consumers have yet to grasp the full extent of their new rights, but this research shows that consumers are ready to retaliate if companies fall out of line.

And companies can’t rely on consumers remaining in the dark for long. They’ll learn from the regulator’s example: each time a company is taken to task for breaking the terms of GDPR, consumers will gain a better understanding of the parameters of the legislation.

Some consumers, for example, won’t have realised that the increased portability of data under GDPR should make switching between, say, utilities providers, much easier than before. But word will spread quickly should any utilities provider attempt to prevent an easy transition and receive a reprimand from the regulator. Brand damage and increased consumer switching will surely follow.

Not all industries will be targeted equally. Some industries, like retail, have profited hugely from clever use of customer data in the past – but retailers have also, at times, skirted the line between helpful personalisation and levels of personalisation that make the consumer, frankly, uncomfortable. Post-GDPR, consumers may show less patience with frequent marketing emails, and more readily delete, unsubscribe and, if things go too far, report errant retailers.

Transparency and accountability are the keys to success

During this ‘grace period’, where GDPR is in force but still only partially understood by most consumers, companies have three possible courses of action.

They can throw up a mile-high wall of legal jargon, treating consumers and regulators like the enemy.

They can build their fortifications brick by brick, waiting until consumers or regulators notice a chink in their armour before they scramble to fill it.

Or they can throw the gates wide open and be completely transparent about their data usage – put their data management strategy in their annual report, demonstrate how they protect customer data, and be patient with personal data requests from nervous consumers.

Those who follow the latter path will have an undeniable competitive advantage.

While consumers will punish companies that fail to safeguard their personal data, Veritas’ research shows that they’re equally willing to reward those that prove themselves trustworthy:

  • 59% of consumers would spend more money with organisations that they trust to care for their data
  • Of those, 27% would be willing to spend up to 25% more with those organisations.

These consumers make a conscious choice to spend money with companies that they trust. Logically, they’ll be more likely to hand over their data, too, and more open to that data being used in personalised communications that make them more likely to buy – increasing the competitive advantage further still.

In short, the key to seeing the business benefits of GDPR is complete transparency. Invite the customer in. Let them look around. Show them that you’re ready, willing and able to protect their data, and then show them exactly how you’ll do it, and you’ll soon reap the rewards.

You can read the full results of Veritas’ study, including which industries will most likely be targeted by consumer personal data requests, here.