New report shows
With GDPR coming into effect on 25 May, 2018, 85% of firms in Europe and the United States will not be ready on time. Additionally, one in four will not be fully compliant by the end of this year, according to a new report today from Capgemini’s Digital Transformation Institute.
A race against the GDPR clock
With the deadline fast approaching, there is a mixed picture across Europe when it comes to readiness. British businesses are the most advanced, despite only 55% reporting they will be largely or completely compliant. Spain (54%), Germany (51%) and the Netherlands (51%) are close behind, with Sweden having the most work to do: just 33% of Swedish firms will be largely or completely compliant on time.
The research suggests that some companies are overlooking the business opportunity of GDPR. Nearly one-third of firms are focusing on compliance only: 31% report that the focus of their program is to comply with the mandate rather than gain competitive advantage. Furthermore, although non-compliant organizations face fines of up to 4% of annual revenue, nearly 19% say ensuring they are prepared is not a priority for them.
A missed opportunity for boosting the top line
The research suggests that firms who have got ahead of the deadline, and invested in compliance and data transparency with consumers, are starting to reap the rewards. Of those consumers that are convinced an organization protects their personal data, 39% have purchased more products and increased spend with that individual firm as a result. This increased spend is substantial, with these consumers spending as much as 24% more. In addition, 40% have transacted more frequently with the organization, either a few times or on a regular basis. The benefits go beyond spending too: 49% say that they have shared positive experiences with friends and family, bolstering a firm’s reputation among potential consumers.
Rupert Bedell, CMO of Unum, a leading insurance firm in the US and UK, said of the benefits of GDPR, “It will encourage marketers to talk to people when they need something and not simply contact them about something they might want. Rather than pushing products using flaky data, we can handle data in a smart way to create magic moments when people really require help.”
GDPR is also empowering consumers to take action over their own data. Across Europe, 57% of individuals say they will take action against an organization if they know a firm is failing to adequately protect their personal data. Of these, more than 70% will take actions such as reducing their spending (71%), stopping doing business with them (71%) or sharing negative experiences with family and friends (73%).
To help counterbalance this, the report highlights that firms need to make sure they recognize the level of trust their customers have in them. Right now this is not the case: almost three quarters (71%) of executives believe that consumers will not take any significant action, such as to have their data removed. In addition, eight in ten say customers trust their organization with the privacy and security of data, but just 52% of consumers agree. This misperception means businesses are missing out on the potential bottom-line benefits previously highlighted and only 11% are centering their GDPR compliance efforts on customers’ needs.
“Executives now have a great chance to use GDPR to create a customer-first privacy strategy. That business opportunity is significant,” saidWillem de Paepe, Global GDPR leader at Capgemini. “Beyond gaining consumer confidence and increased spending, knowing exactly what data is held allows firms to use analytics more effectively and improve operations. Firms will also know which files they must delete, freeing up valuable storage space and reducing some of the $3.3tr it will cost to manage data globally by 2020.”