GDPR (or General Data Protection Regulation) is receiving greater focus as organisations balance customer experience with compliance demands.
Millions will be spent by companies to deal with the incoming GDPR and ePrivacy directives that come into force in May 2018 in the European Union. That’s according to a new commissioned study conducted by Forrester Consulting on behalf of Evidon, a provider of technical solutions to complex digital Governance, Risk & Compliance (GRC) problems.
Nearly half (48%) of firms reported an initial establishing budget in excess of $1 million for GDPR and ePrivacy compliance, and 58% reported an annual maintenance budget of the same amount. Furthermore, 67% believe these budgets will increase after May 2018.
According to the study, GDPR, “along with the institution of changes to the ePrivacy directive, will fundamentally change the way organisations must think about privacy going forward. But simple compliance with these new and revised regulations should not be the ultimate goal for firms. Rather, firms need to embrace these changes as a way to improve customer experiences and gain a competitive advantage for themselves.”
Other findings from the study include:
Balancing exceptional CX with compliance is critical. Once GDPR takes effect, 39% of respondents said they are most concerned about their ability to balance compliance with best in class customer experiences. Another third are also concerned that the required communications about customer data and privacy issues will impact customer experiences negatively. “This balance between compliance and CX is critical if firms want to continue to win, serve, and retain their customers in a post-GDPR world,” according to the study.
GDPR will bring sweeping change. Nearly half (48%) of firms reported that after May 2018, their organisation will emphasize privacy by design. Similarly, 36% believe privacy will be central to company culture after the deadline.
The study also includes key recommendations for companies looking to transform GDPR compliance into a business advantage. These include:
- Create a cross-functional privacy working group.
- Practice Privacy by design (PbD).
- Make privacy a corporate social responsibility.
- Create great experiences around consent and preference.
Forrester surveyed 263 data and compliance decision makers at organisations that either operate or do business in Europe. Overall, the study found that firms are taking GDPR seriously, and that many anticipate GDPR compliance will transform their organisations through “increased loyalty, satisfaction, and engagement from customers, as well as brand differentiation and uplift for themselves.” You can download the study here.