Power to the people: GDPR ushers in a new age of customer control over their data
A new study indicates a majority of EU citizens will exercise their data privacy rights under the legislation.
There will be no need for customers to fight for their rights when it comes to data privacy. The General Data Protection Regulation (GDPR) affords consumers in the EU — also known as data subjects — a slew of newly defined rights concerning how their data is handled.
And if a recent study of European data subjects is any indication, global companies should be prepared for US citizens to also exercise those rights.
Last week, Pegasystems released findings from a new study that revealed a majority of European consumers plan to exercise their rights to view, limit, correct or erase the information businesses collect about them. Pegasystems provides companies with automation technology that can do a number of things, including retrieving user data.
Jeff Nicholson, VP of CRM product marketing at Pegasystems, told me that US multi-national companies should be prepared to hear from their customers.
“I think it serves as a wake-up call that 87 percent wanted to access their data once GDPR is in effect,” Nicholson said.
In addition, the study showed that 47 percent of customers would exercise their right to access their data and 22 percent would ask companies to erase their data altogether, invoking what is commonly known as their “right to be forgotten.”
Businesses themselves trigger consumer action
“It became clear in the data that it is the business’s own actions that will often serve as a trigger,” Nicholson said.
In other words, a customer might only invoke these rights if they had reason to believe their data was compromised or used inappropriately. These triggers could include awareness of their data being sold, receiving a robocall, or even a bad customer service experience.
Nicholson said that he believes a survey of US consumers would likely have the same result.
“In terms of the appreciation of some of what these rights provide, the prioritization could be the same. We did see that (within the EU) some geographies were different. I would imagine a forward-looking state such as California might be a likely candidate to be inspired by the GDPR,” Nicholson said.
Building — and keeping — consumer trust is key
The Online Trust Alliance (OTA) released 2017 Email Marketing & Unsubscribe Audit, an analysis of the top Northern American retailers’ newsletters and promotional emails, in December. The report concludes that “consumers can generally trust large retailers to honor their requests,” according to a press release.
“With the EU General Data Protection Directive taking effect May 25, 2018, organizations need to embrace best practices and be more sensitive than ever to regulatory environments and where their customers reside,” Craig Spiezle, OTA founder and chairman emeritus, said in the release. “Building trust takes time and embracing stewardship today will provide future trust dividends.”
Data collected in the Pegasystems survey concurred: “Trust will be a key factor as consumers that suspect companies are improperly using their data are more likely to exercise their GDPR rights than others.”
GDPR also includes provisions that require clear and affirmative consent, as well as enhanced protections of children’s data, making for a much richer slate of protections for consumers moving forward. Transparent companies that work to maintain consumer trust will fare the best as consumers claim their data rights.