Your inbox may look very different to this time last year, but what else has changed? Amanda Arthur, our vice president of data and analytics, looks at the true impact of GDPR and whether businesses really have begun to respect their customers’ privacy.
GDPR has raised the awareness and importance of data security at all levels across most businesses. Processes for managing data have improved, information security has been enhanced, senior stakeholders are engaged, and staff are being trained.
Today, more rigour is being applied to how customer data is being used. Data Protection Impact Assessments (DPIAs) now force companies to have the wider internal debate about data protection, which was not happening routinely before May 2018. So far, the much-feared fall-out in the form of Subject Access Requests (SARS) has been less than expected – they have increased, but the deluge has not materialised.
Awareness of data privacy amongst consumers is growing. The media is playing a role in surfacing both large and smaller scale company data lapses, whether intentional or accidental.
This is increasing the public's sensitivity to sharing or exposing personal data, such as in social media, or the storage of their financial details when buying online. The moral outrage expressed in the media about data breaches may help to grow public awareness and change the consumer attitude from ambivalence to a greater level of engagement, but is it driving behavioural change? Are consumers really looking more closely at how businesses use their data? Often, things have to get dangerously out of hand before people will react.
There is evidence of a shift on the part of businesses towards thinking about GDPR in the context of ongoing governance, rather than as a hurdle that must be overcome. Part of this is being driven by the fear of a big fine and the impact on reputation should something go wrong. According to a recent study by the payment security firm PCI, 44% of UK consumers would stop spending at a breached company.
Governance is one thing, but more consideration needs to be given to the ethics of data use. The company perspective needs to be much more about whether the customer would find a specific use acceptable and less about whether this can be justified by the business.
Privacy is becoming ever more complex for the average consumer to understand, with AI/Machine Learning increasingly in the spotlight. Businesses need to ensure they are on the front foot and have addressed, debated and understood the issues internally, so they can be as transparent as possible to consumers about how they will be affected.