Joint Report from BCG and DLA Piper Reveals How Companies Can Meet—and Exceed—the Data Privacy Requirements of the EU’s Impending General Data Protection Regulation to Become Trusted Data Stewards
PARIS — Although legal standards such as the European Union’s new General Data Protection Regulation (GDPR) aim to strengthen protections for consumers’ data privacy, a substantial mismatch exists between what companies think consumers care about in the realm of data privacy and what consumers actually want, according to a report by The Boston Consulting Group (BCG) and global law firm DLA Piper. The report, titled Leveraging GDPR to Become a Trusted Data Steward, is being released today.
BCG conducted research in five European countries—France, Germany, Italy, Spain, and the UK—and in the US to test consumer confidence about data privacy. The research showed that consumers are increasingly uneasy about sharing personal data, whether it be financial, familial, locational, or use based. Moreover, the research indicated that certain industries, including online companies, financial companies, and governments, are especially suspect in consumers’ eyes.
But this research also uncovered a counterproductive tendency on the part of many companies to collect and use customer data in “recklessly conservative” ways. On one hand, they avoid using data in ways that consumers feel least hostile to; on the other, they fail to inform consumers about data use or ask their permission for it, even though consumers clearly want to be asked.
“Companies were substantially less likely than consumers to think that third-party use of consumer data is acceptable,” noted Elias Baltassis, a BCG director and coauthor of the report. “These results suggest that companies are being unduly conservative in their pursuit of new data uses, in the hope that their caution will insulate them from risk—but then they turn around and antagonize their consumers anyway by not informing them of the uses they do make of the data.”
Preparing for the GDPR
A major regulatory effort to address the collection, handling, and sharing of consumer data, the GDPR sets detailed standards for appropriate use of such data. The regulation will come into force in May 2018 and will apply to virtually every company or organization that handles data on citizens of the EU.
The new regulation requires that consumer consent be explicit, and it stipulates that consumers have the “right to be forgotten” and the “right to data portability”—rights that make companies more accountable for how they process personal data under “privacy by design” and “privacy by default” principles. To enforce these changes, the GDPR gives the regulator power to levy financial sanctions of up to 4% of a company’s annual worldwide revenue or €20 million—whichever is higher.
From Simple Compliance to Smart Compliance—and Beyond
The report by BCG and DLA Piper examines key features of the new regulation, considers the readiness of companies to meet its provisions, and inquires into the mismatch between what many companies imagine to be the sources of consumer mistrust over data use and consumers’ actual concerns. By aligning the company’s data use practices with consumers’ real-world views on how their data should be treated, businesses can differentiate themselves from their rivals in terms of trustworthiness.
The BCG/DLA Piper report outlines a straightforward process by which companies can move swiftly from simple compliance with the GDPR (satisfying the letter of the law) to smart compliance with it (adopting a suite of best practices to foster consumer trust), and from there to truly trusted data stewardship in the estimation of their customers.
One essential consideration here is the importance of achieving compliance early. A recent survey by DLA Piper found that many organizations across the EU are unprepared on multiple points to meet the express terms of the new data privacy regulation when it rolls out.
“The average alignment of survey respondents to the GDPR’s provisions was just 34%,” said Patrick van Eecke, a DLAP partner and report coauthor, “meaning that most organizations have not yet resolved numerous compliance gaps.”
Being ahead of the curve could be a major source of competitive advantage for companies that are ready to comply in full. And the benefits of consumer trust can be very large: BCG research shows that consumers are at least five times as likely to share data with a company they trust as with one they do not.
A copy of the report can be downloaded at http://on.bcg.com/2Havptr
About The Boston Consulting Group
The Boston Consulting Group (BCG) is a global management consulting firm and the world’s leading advisor on business strategy. We partner with clients from the private, public, and not-for-profit sectors in all regions to identify their highest-value opportunities, address their most critical challenges, and transform their enterprises. Our customized approach combines deep insight into the dynamics of companies and markets with close collaboration at all levels of the client organization. This ensures that our clients achieve sustainable competitive advantage, build more capable organizations, and secure lasting results. Founded in 1963, BCG is a private company with offices in more than 90 cities in 50 countries. For more information, please visit bcg.com.
About DLA Piper
DLA Piper is a global law firm with lawyers located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa, and Asia Pacific, positioning us to help clients with their legal needs around the world. We strive to be the leading global business law firm by delivering quality and value to our clients. We achieve this through practical and innovative legal solutions that help our clients succeed. We deliver consistent services across our platform of practices and sectors in all matters we undertake. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies. They include more than half of the Fortune 250 and nearly half of the FTSE 350 or their subsidiaries. We also advise governments and public sector bodies.