With GDPR coming into effect in just over a week from today, 85 percent of firms in Europe and the United States will not be ready on time. Additionally, one in four will not be fully compliant by the end of this year.
Capgemini’s Digital Transformation Institute surveyed 1,000 executives and 6,000 consumers across eight markets to explore attitudes to, readiness for, and the opportunities of GDPR.
A race against the GDPR clock
With the May 25th GDPR deadline fast approaching, 63 percent of U.S. respondents said they will be largely or completely compliant. There is a mixed picture across Europe when it comes to readiness. British businesses are the most advanced, despite only 55 percent reporting they will be largely or completely compliant. Spain (54 percent), Germany (51 percent) and the Netherlands (51 percent) are close behind, with Sweden having the most work to do: just 33 percent of Swedish firms will be compliant on time.
The research suggests that some companies are overlooking the business opportunity of GDPR. Nearly one-third of firms are focusing on compliance only: 31 percent report that the focus of their program is to comply with the mandate rather than gain competitive advantage. Furthermore, although non-compliant organizations face fines of up to four percent of annual revenue, nearly 19 percent say ensuring they are prepared is not a priority for them.
A missed opportunity for boosting the top line
The research suggests that firms who have got ahead of the deadline, and invested in compliance and data transparency with consumers, are starting to reap the rewards. Of those consumers that are convinced an organization protects their personal data, 39 percent have purchased more products and increased spend with that individual firm as a result.
This increased spend is substantial, with these consumers spending as much as 24 percent more. In addition, 40 percent have transacted more frequently with the organization, either a few times or on a regular basis. The benefits go beyond spending too: 49 percent say that they have shared positive experiences with friends and family, bolstering a firm’s reputation among potential consumers.
GDPR is also empowering consumers to take action over their own data. Across Europe, 57 percent of individuals say they will take action against an organization if they know a firm is failing to adequately protect their personal data. Of these, more than 70 percent will respond by reducing their spending (71 percent), stopping doing business with them (71 percent) or sharing negative experiences with family and friends (73 percent).
To help counterbalance this, the report highlights that firms need to make sure they recognize the level of trust their customers have in them. Right now this is not the case: almost three quarters (71 percent) of executives believe that consumers will not take any significant action, such as to have their data removed.
In addition, eight in 10 say customers trust their organization with the privacy and security of data, but just 52 percent of consumers agree. This misperception means businesses are missing out on the potential bottom-line benefits previously highlighted and only 11 percent are centering their GDPR compliance efforts on customers’ needs.
“Executives now have a great chance to use GDPR to create a customer-first privacy strategy. That business opportunity is significant,” said Willem de Paepe, Global GDPR leader at Capgemini. “Beyond gaining consumer confidence and increased spending, knowing exactly what data is held allows firms to use analytics more effectively and improve operations. Firms will also know which files they must delete, freeing up valuable storage space and reducing some of the $3.3 trillion it will cost to manage data globally by 2020.”