GDPR regulations came into force on May 25, 2018, with 85% of firms unprepared to meet compliance requirements. In fact, one in four companies won’t be ready this year. These are the stark findings from Capgemini’s new GDPR report, Seizing the GDPR Advantage: From mandate to high-value opportunity, which shows that businesses globally are failing to capitalize on the business opportunities of the GDPR.
If one thing is clear, both from our research findings and my conversations with business media, such as CNBC, it’s that organizations across all sectors are still working out the implications of the GDPR. Many businesses are still struggling to understand what the GDPR means for them and how to adapt to it.
There are a number of reasons for this, the first being that the regulation itself is a highly complex 260-page document with a very wide scope. Understanding how the new legislation applies to individual businesses takes a lot of time and investment from firms.
Many companies also expected GDPR compliance to be a straightforward process, only to discover that they didn’t know where their data was or how to find it. This has been particularly difficult for data-siloed businesses that don’t have an overarching view of where their personal data files are stored, not to mention understanding how the different data files are related and whether continuing to process, access and share that data is allowed under the new laws. That may sound trivial, but it is a technical task that requires a lot of time and manpower to complete.
It’s also becoming clear that many companies overestimate consumer trust. Our findings show that 57% of consumers would tell others about companies that misuse their data. But there are many more businesses dismissing these risks. Right now, more than two thirds (71%) of executives believe that consumers will not take any significant action as a result of data misuse, such as asking to have their data removed. This is a dangerous misconception, given that many businesses rely on customer data to inform their marketing strategies and product development.
It’s not all doom and gloom. As the report makes clear, there is a significant upside for those companies that go beyond compliance, viewing GDPR as a business opportunity to improve relationships with customers. Of those consumers who trust a firm with their data, 39% say they are inclined to buy more products and services from that company. And when they do, those same customers spend up to 24% more. That means the businesses that take a customer-centric approach to data are likely to see a significant commercial boost.
The GDPR should not be taken lightly. Firms have a great opportunity to use this legislation to take a strategic view of data governance, invest in data protection, and crucially enhance customer trust – allowing them to reap the rewards from improved loyalty and increased revenue opportunities.