With GDPR coming into effect this week, 85 percent of firms in Europe and the U.S. will not be ready on time. In fact, one in four will not be fully compliant by the end of this year, according to a new report from Capgemini‘s Digital Transformation Institute.
A race against the GDPR clock
With the May 25th GDPR deadline fast approaching, 63 percent of U.S. respondents said they will be largely or completely compliant. There is a mixed picture across Europe when it comes to readiness. British businesses are the most advanced, despite only 55 percent reporting they will be largely or completely compliant. Spain (54 percent), Germany (51 percent) and the Netherlands (51 percent) are close behind, with Sweden having the most work to do: just 33 percent of Swedish firms will be compliant on time.
The study, Seizing the GDPR Advantage: From mandate to high-value opportunity, suggests that some companies are overlooking the business opportunity of GDPR. Nearly one-third of firms are focusing on compliance only—31 percent report that the focus of their program is to comply with the mandate rather than gain competitive advantage. Furthermore, although non-compliant organizations face fines of up to four percent of annual revenue, nearly 19 percent say ensuring they are prepared is not a priority for them.
A missed opportunity for boosting the top line
The research suggests that firms who have got ahead of the deadline, and invested in compliance and data transparency with consumers, are starting to reap the rewards. Of those consumers that are convinced an organization protects their personal data, 39 percent have purchased more products and increased spend with that individual firm as a result.
This increased spend is substantial, with these consumers spending as much as 24 percent more. In addition, 40 percent have transacted more frequently with the organization, either a few times or on a regular basis. The benefits go beyond spending too: 49 percent say that they have shared positive experiences with friends and family, bolstering a firm’s reputation among potential consumers.
“It will encourage marketers to talk to people when they need something and not simply contact them about something they might want,” said Rupert Bedell, CMO of insurance firm Unum, of the benefits of GDPR. “Rather than pushing products using flaky data, we can handle data in a smart way to create magic moments when people really require help.”
GDPR is also empowering consumers to take action over their own data. Across Europe, 57 percent of individuals say they will take action against an organization if they know a firm is failing to adequately protect their personal data. Of these, more than 70 percent will respond by reducing their spending (71 percent), stopping doing business with them (71 percent) or sharing negative experiences with family and friends (73 percent).
To help counterbalance this, the report highlights that firms need to make sure they recognize the level of trust their customers have in them. Right now, this is not the case—almost three quarters (71 percent) of executives believe that consumers will not take any significant action, such as to have their data removed. In addition, eight in 10 say customers trust their organization with the privacy and security of data, but just 52 percent of consumers agree. This misperception means businesses are missing out on the potential bottom-line benefits previously highlighted and only 11 percent are centering their GDPR compliance efforts on customers’ needs.
“Executives now have a great chance to use GDPR to create a customer-first privacy strategy. That business opportunity is significant,” said Willem de Paepe, Global GDPR leader at Capgemini, in a news release. “Beyond gaining consumer confidence and increased spending, knowing exactly what data is held allows firms to use analytics more effectively and improve operations. Firms will also know which files they must delete, freeing up valuable storage space and reducing some of the $3.3 trillion it will cost to manage data globally by 2020.”
The results in this report are from two groups: private individuals and executives of large companies. Capgemini’s Digital Transformation Institute (DTI) questioned 1000 executives from organizations with revenue of over $1 billion across eight countries: France, Germany, Italy, Netherlands, the UK, the USA, Sweden and Spain. In addition, the DTI spoke to 6000 consumers (aged 18 and above) across seven European markets that come under GDPR: France, Germany, Italy, Netherlands, the UK, Sweden, and Spain. The survey was conducted in March-April 2018.