More than a year after it came into force, many companies are still not fully compliant with GDPR. What are the benefits for those which are? By embracing GDPR rather than resenting it, you might improve the performance of your business inside and out. That’s what a new report from the Capgemini Research Institute indicates, and it’s what many have been saying all along.
One of the main changes which GDPR brought with it was accountability. Companies must now be able to prove their compliance with EU data privacy laws at short notice, and everyone in the data chain is answerable to those laws. While this seems tedious to many companies, others see it for the business opportunity that it is.
By showing respect for customers and their data, businesses can instil a higher level of trust in them. EU citizens are more aware than ever before of their privacy rights. They want reassurance that companies take them seriously. GDPR has become a selling point for those which rise to the challenge.
The Capgemini Study
Capgemini polled 1100 senior executives from a diverse range of industries such as banking, healthcare, insurance, public/government services, retail and telecom. Only 28% of those polled said they were fully GDPR compliant. With that established, Capgemini then compared the performances of compliant and non-compliant companies.
While GDPR has been good for business generally, it has been better for those which are fully compliant. At least, that’s what the survey shows. On average, GDPR-compliant companies are outperforming non-compliant ones by 20%. The figures below show the percentage of executives who reported positive GDPR impacts in certain areas.
External Effect
- Impact on consumer ratings: 65% non-compliant and 82% compliant.
- Impact on customer satisfaction: 64% non-compliant and 81% compliant.
- Impact on customer trust: 66% non-compliant and 84% compliant.
Internal Effect
- Impact on targeted leads for marketing: 63% non-compliant and 81% compliant.
- Impact on revenue: 63% non-compliant and 76% compliant.
- Impact on employee morale: 57% non-compliant and 79% compliant.
- Impact on brand image/reputation: 63% non-compliant and 81% compliant.
Note that the non-compliant companies in this list are likely part compliant, but for reasons discussed below have fallen short of full compliance to varying degrees.
The Retail Industry
When examining the findings of the Capgemini Study, the retail industry provides an interesting insight into GDPR benefits.
Consumer loyalty programmes, which in the past may have grabbed more personal data than was strictly necessary, have attracted greater participation in 74% of GDPR-compliant retailers. Among the non-compliants, this figure drops to 54%.
A more surprising benefit lies in the number of data subjects targeted in advertising campaigns. While only 57% of non-compliant firms believe this figure to be more significant under GDPR, 80% of the fully compliant ones say they have targeted more customers. This can only be the result of more efficient data handling and processing.
GDPR has also had a 20% more positive effect on online purchases for compliant retailers versus non-compliant ones. You might wonder how this comes about, but then you think of all the hoops one sometimes has to jump through online and how trust affects shopping patterns.
A retailer which has streamlined the buying process in line with GDPR and declared compliance has a competitive edge. Some online vendors still have dubious consent forms that breach the rules. A growing proportion of customers know this and understand their rights. Full GDPR compliance gives retailers the ability to develop all-important trust.
Obstacles to Compliance
It comes as no surprise that many companies are not fully compliant with GDPR. We can guess at the reasons, but what did the Capgemini Study reveal on this?
More than 70% of polled companies are lagging behind in GDPR compliance. Ironically, compliance was at its highest among US companies at 35%. From Europe, the UK and Germany had the next-best scores at 33%. At the other end of the scale were Spain and Italy at 21% and Sweden on 18%.
According to the study, the three main obstacles which halt compliance are these:
- Legacy IT systems are a problem for 38% of polled companies. This is an obstacle because it requires an entire overhaul with GDPR compliance built into the tools and technology of a firm. In turn, this is prohibitive because it’s disruptive and expensive.
- Complexity is a problem for 36% of companies. Assuming you manage to decipher the legalese surrounding GDPR, the requirements for compliance are many and complex. They need a significant effort to implement.
- Cost is an obstacle to GDPR compliance for some 33% of companies, whether they be small or large. The investment is particularly weighty for the latter. A 2018 Netsparker survey found that 10.3% of companies spent more than $1 million on compliance. Multinationals such as Google can’t risk GDPR breaches if they want to avoid heavy fines.
Technological Solutions to Compliance
Increasingly, firms are turning to AI technology for data discovery, mapping and management. Those which were 100% compliant in the Capgemini survey were also ahead of the game in robotic process automation (RPA), data encryption and use of cloud platforms.
For small to mid-sized companies, good GDPR software provides a useful foundation for compliance and comes with built-in expertise.
Although compliance and non-compliance are really binary states, authorities are likely to show more leniency to firms which have at least attempted to meet GDPR needs. There has to be a proactive move towards compliance; apathy and inaction will not do.
The GDPR Mindset
To comply with GDPR requires a change in IT infrastructure, but GDPR awareness must also be ingrained into the minds of all staff. That means an ongoing, thorough process of training and behavioural conditioning which cuts out security threats. Knowing about data threats (e.g. phishing) and reacting to them during a working day are different things. For this reason, GDPR training must be as hands-on as possible and not just dull tutoring.
Of course, it’s not only security threats which staff need training in. A significant part of GDPR compliance lies in handling queries, complaints and SARs (subject access requests) in a timely and proper fashion. To assist with compliance in all areas, two-thirds of companies polled in the Capgemini Study had taken on dedicated full-time staff.
GDPR Morale Boost
An improvement in the morale of staff is a secondary benefit of GDPR compliance, but it’s one which feeds chief benefits such as revenue increases. A workforce that has respect for its employer is likely to be a happier and more productive workforce. Data handling influences that. It shows staff that the company cares for people; customers and employees alike.
GDPR gives businesses the chance to boost morale and productivity in one hit. Embracing it avoids uncertainty among staff, which saps confidence. GDPR is a reboot, if you like, of a business’s wellbeing and ethics. The principles are much the same as what went before, except now they demand attention, empower data subjects and make everyone accountable.
If your business is falling behind on the path to GDPR compliance, it’s never too late to catch up. Jump any hurdles which stand in your way and reap the benefits. Not least of them is peace of mind. Act now!