GDPR - Opportunity or Threat?

WM Circle Logo

By: Mike Capizzi, CLMP™ |

Posted on May 17, 2018

New research from IBM concludes that GDPR and changing consumer attitudes are causing companies to re-evaluate everything they do with personal data.  One unexpected result maybe a decrease in the amount of data collected, stored and analyzed for marketing purposes, including loyalty programs.

By Mike Capizzi, CLMP

A new study from IBM reveals that nearly 60 percent of organizations surveyed are embracing the General Data Protection Regulation (GDPR) as an opportunity to improve privacy, security and data management.  Furthermore, most of the companies are being more selective in the data they collect and manage, with 70 percent disposing of data ahead of the deadline for compliance

Companies' preparation for GDPR comes in the wake of increased scrutiny from consumers on businesses' management of personal data. A separate poll of 10,000 consumers, conducted by the Harris Poll on behalf of IBM, found that only 20 percent of U.S. consumers completely trust organizations they interact with to maintain the privacy of their data.

In the weeks leading up to the May 25, 2018 enforcement date, IBM's Institute for Business Value (IBV) surveyed over 1,500 business leaders responsible for GDPR compliance for organizations around the world. The results reveal how companies are approaching GDPR as an opportunity to build further trust with customers and help drive innovation:

  • 84 percent believe that proof of GDPR compliance will be a positive differentiator to the public
  • 76 percent said that GDPR will enable more trusted relationships with data subjects that will create new business opportunities
  • Despite this opportunity, only 36 percent believe they will be fully compliant with GDPR by the May 25 deadline

Key Quote from IBM’s Cindy Compert, CTO for Data Security and Privacy:

"GDPR will be one of the biggest disruptive forces impacting business models across industries – and its reach extends far beyond the EU borders. The onset of GDPR also comes during a time of huge distrust among consumers toward businesses ability to protect their personal data. These factors together have created a perfect storm for companies to rethink their approach to data responsibility and begin to restore the trust needed in today's data-driven economy."

Another key finding of the study is that organizations are using GDPR as an opportunity to streamline their approach to data and reduce the overall amount of data they are managing. For many organizations, this means vastly cutting down on the amount of data they collect, store and share. According to the new study, organizations reported taking the following actions in response to GDPR:

  • 80 percent say they are cutting down on the amount of personal data they keep
  • 78 percent are reducing the number of people who have access to personal data
  • 70 percent are disposing of data that is no longer needed

A best practice in loyalty marketing has long advocated that programs should only collect the data that they will use. Compiling a long list of personal attributes or associations with other accounts or requiring multiple fields of personal information on loyalty program registration forms is not only unnecessary, it could make compliance with GDPR even more cumbersome.

The study also identified other key challenges associated with GDPR:

  • Locating all the personal data in disparate databases and systems
  • Verifying the accuracy of the data they collect and store
  • Complying with rules for how data is analyzed and shared
  • Handling of cross-border data transfers and getting consent from data subjects - less than half of respondents said they were prepared for these aspects of GDPR.
  • Meeting the requirement for companies to report data breaches to regulators within 72 hours. The survey found that only 31 percent of companies have reexamined or modified their incident response plans to prepare for this requirement, representing a blind spot in companies' overall approach to GDPR.

While challenges remain, a significant sub-set of companies surveyed (22 percent) are using GDPR as a fully transformational business opportunity for how they approach data responsibility and management. Of this "leaders" subset:

  • 93 percent have modified their incident response processes
  • 79 percent said they were prepared for performing data discovery and ensuring data accuracy
  • 74 percent said they were fully implementing security and privacy by design for new products and services

The survey was conducted among 1,500 GDPR leaders in 34 countries, representing 15 industries, between February and April of 2018. Chief Privacy Officers, Chief Data Officers, General Counsels, Chief Information Security Officers and Data Protection Officers were surveyed.

The full set of issues involving GDPR for loyalty marketers gain more clarity with each passing day. While uncertainties remain, it is becoming increasingly clear that the new regulations offer both a threat and an opportunity for loyalty programs. How will you respond?

Mike Capizzi is the Dean of The Loyalty Academy and a Certified Loyalty Marketing Professional™.