On Friday May 25, the European Union implemented what is arguably the biggest change to the regulatory landscape of data privacy in the last 20 years. The General Data Protection Regulation (GDPR) has changed the way businesses and public sector organizations must handle their customers’ information, boosting the rights of individuals and gives them more control over their information.
“[Organizations] must clearly explain to customers the ways in which they will access, use, share, and protect customer information,” stated a recent Harvard Business Review article, “and it must go hand in hand with giving customers control over these data uses. Failure to do so leaves a firm susceptible to risk from multiple harms.”
While some organizations are on top of the new regulation, others have been scrambling to finalize their data inventories, contract updates, security controls implementation, application system changes, etc., to comply with the regulation.
However, once in compliance with the new regulation, the next step on any GDPR journey should be to track compliance. To this end, compliance tracking is important from two dimensions – externally, regarding the push from your customers, and internally, regarding the dynamics of your organization.
Let’s look at these dimensions in turn.
Recent research from Capgemini’s Digital Transformation Institute (DTI) – that surveyed 6,000 individuals and 1,000 industry executives across eight countries – indicates that more than one in three consumers (39%) will spend more with an organization when convinced that the organization protects their personal data (see Figure 1).
On the other hand, 57% of consumers indicated that they are likely to take action when they find out that an organization is not ensuring data privacy. This action could be that the customer exits or reduced business (71%), data erasure requests (75%), or data port requests (50%) (see Figure 8).
The DTI report also indicates that organizations are blind sided when it comes to understanding customer expectations. Globally, while 80% of the executives surveyed presumed that consumers trust organizations with the privacy and security of their personal data, only 52% of consumers concurred with that view (see Figure 7).
More significantly, executives hugely underestimate the extent of post GDPR activism by consumers. While 71% of executives believe that individuals wouldn’t take significant action after GDPR comes into effect, only 43% of consumers indicated that they are likely to take no action when an organization is not ensuring protection of personal data (see Figure 9).
Customers are likely to become more demanding of their data protection rights and punishing, where they feel underserved post GDPR. This puts pressure on managements to have a robust internal monitoring system to track compliance. Organizations must demonstrate their data protection posture to win over the loyalty of their customers. Mature organizations work proactively to inform, educate, and assure customers of their data protection measures.
Compliance tracking is the bedrock on which organizations can build an orchestrated campaign to leverage GDPR compliance to become a business enabler. The DTI report indicates that 57% of the organizations are already moving in this direction with high level of implementation of GDPR assurance programs (see Figure 17).
To find out how our compliance tracking services can help your organization stay on top of your data protection initiatives, contact Geetha Jayaraman.
Learn more about how Capgemini’s GDPR services can help you with your compliance.
Geetha Jayaraman helps organizations leverage their use of technology by managing risks to achieve organizational objectives. She uses her experience to facilitate digital transformation of organizations through the adoption of the right technology solutions. As an expert in cybersecurity, she has guided many organizations in balancing risk with the adoption of technologies. Prior to her current role in Information Risk Assurance at Capgemini, she worked with several large technology service providers to bridge business objectives with ICT solutions.