Leveraging GDPR to Become a Trusted Data Steward

Related Expertise: Data and Analytics, Digital, Technology, and Data, Data and Digital Platform

Leveraging GDPR to Become a Trusted Data Steward

By Elias BaltassisJohn RoseAntoine GourévitchAlexander LawrencePatrick Van EeckeRoss McKeanDenise Lebeau-Marianna, and Jeanne Dauzier

Data-driven transformations—in which companies apply sophisticated data analytics to all aspects of their operations, from R&D to manufacturing to supply chain to marketing to sales—are a potentially game-changing phenomenon, promising massive gains for successful companies. But concerns about data misuse have led to various efforts to regulate the handling of shared data.

In the EU, one major regulatory effort in this area is the General Data Protection Regulation (GDPR), which sets detailed standards for appropriate use by companies of consumer data. The GDPR will come into force in May 2018 and will apply to virtually every company or organization that handles data on citizens of the EU. The new regulation requires that consumer consent be explicit, and it stipulates that consumers have the “right to be forgotten” and the “right to data portability”—rights that make companies more accountable for how they process personal data under “privacy by design” and “privacy by default” principles. To enforce these changes, the GDPR gives the regulator power to levy financial sanctions of up to 4% of a company’s annual worldwide revenue or €20 million—whichever is higher.

The Boston Consulting Group and the global law firm DLA Piper have collaborated to produce a new report, Leveraging GDPR to Become a Trusted Data Steward, that examines key features of the new regulation, considers the readiness of companies to meet its provisions, and (perhaps most significantly) inquires into a mismatch between what many companies imagine to be the sources of consumer mistrust over data use and consumers’ actual concerns.

BCG conducted research in five European countries—France, Germany, Italy, Spain, and the UK—and in the US to test consumer confidence about data privacy. The research showed that consumers are increasingly uneasy about sharing personal data, whether it be financial, familial, locational, or use based. Moreover, the research indicated that certain industries, including, notably, online companies, financial companies, and governments, are especially suspect in consumers’ eyes.

But the biggest surprise may be that BCG’s research uncovered a counterproductive tendency by many companies to collect and use customer data in “recklessly conservative” ways. On one hand, they avoid using data in ways that consumers are least hostile to; and on the other, they fail to inform consumers about or ask their permission for data use, even though consumers clearly want those things.

The BCG/DLA Piper report outlines a straightforward process by which companies can move swiftly from simple compliance with the GDPR to smart compliance with it, and from there to trusted data stewardship in the eyes of their customers. And the benefits of consumer trust can be very large: BCG research shows that consumers are at least five times as likely to share data with a company they trust as with one they do not.