On the 25th of May 2018 the General Data Protection Regulation (GDPR) came into effect. This new privacy law has increased the amount of control European Union citizens have over their personal data. Customer data has become of strategic importance to companies, as personal data is valuable across different business operations, such as forecasting, inventory management, differentiating products and offering personalized products (Chellappa & Sin, 2005).
The GDPR requires businesses to change the way they collect, store and process personal data. GDPR compliance costs are high according to business reports; the International Association of Privacy Professionals (IAPP) released a report which indicated that companies who employed IAPP professionals spent an average of 1.3 million dollars in 2018 on GDPR compliance (IAPP-EY, 2019). You can understand that businesses are not too happy about the GDPR, as it costs time and money. However, it is important to look a little further than such business reports.
For starters, increased customer privacy control is suggested to increase the likelihood consumers click ads. Tucker (2014) did a randomized field experiment among 1.2 million Facebook users in which ads were twice as effective after Facebook had updated their privacy policy which gave users control over their privacy. Culnan and Armstrong (1999) found that disclosing fair information practices can lure a customer into acting against their privacy concerns. These studies may have taken place before the GDPR ever existed, but they are very relevant as the GDPR requires companies to adopt fair information practices, disclose those to consumers and generally give consumers increased control over their privacy. Studies suggest consumers’ purchase likelihood might increases as a result of the practices companies adopt due to the GDPR.
Additionally, the process of becoming GDPR compliant forces companies to revisit all data processes that include personal data. Revisiting processes will likely lead to improving those processes. This may help the company perform better and thereby cut costs. Also, it would make sense for companies to investments into better data management systems as a result of the GDPR, which will also help companies across operations.
Besides better data processes and better data management systems, data itself will also be better as a consequence of the GDPR. The GDPR allows consumers to rectify their data, which will result in more accurate data which in turn will lead to better forecasts. Also, customers now give their consent before data is collected which means companies will send marketing messages to interested customers only. Now that’s a great way to save money!
Besides the increased costs companies experience in becoming and remaining GDPR compliant, there are different merits to the improved privacy policy. The coming years will tell whether the GDPR has had a lasting effect onto companies or whether companies simply had to adjust. For sure, the last word has not been said yet about the regulation. On that note, tell me what you think!
References:
Chellappa, R. K., & Sin, R. G. (2005). Personalization versus Privacy: An Empirical Examination of the Online Consumer’s Dilemma. Information Technology and Management, 6(2-3), 181–202.doi:10.1007/s10799-005-5879-y
Culnan, M. J., & Armstrong, P. K. (1999). Information Privacy Concerns, Procedural Fairness, and Impersonal Trust: An Empirical Investigation. Organization Science, 10(1), 104–115.doi:10.1287/orsc.10.1.104
IAPP-EY. (2019). IAPP-EY Annual Privacy Governance Report 2018. Retrieved from: https://iapp.org/media/pdf/resource_center/IAPP-EY-Gov_Report_2018-FINAL.pdf
Tucker, C.E. (2014). Social Networks, Personalized Advertising, and Privacy Controls. Journal of Marketing Research, Vol. 51, No. 5 (October 2014), pp. 546-562
Interesting article! This very much goes against my (and I think a widely shared) assumption that the GDPR has only negative consequences for businesses. I also think that by being forced to pay attention to responsible data management, businesses are more likely to explore the value (their) data can have for the business.
Thanks Thomas! I also believe most people regard the GDPR negatively while they should look further than their nose is long (as the Dutch saying goes). Good point about responsible data management and that businesses will be more likely to explore the value data can have for their business. I sometimes forget that some businesses do not think about their data at all yet…
Very interesting how this new data protection privacy law has these unexpected, but very advantageous side effects for companies! However, these side effects are measured for bigger companies I assume, that already have people working on maintaining databases and are proactively using the customer information they have. So what about small companies, that do not have the experience in this field? I suppose it is really hard for small and mid-sized companies to adjust their database to all these new rules and regulations, and to give their customers access to and allowing them to rectify the data gathered by this company. I believe someone should investigate the impact on these companies, and at what costs this new law comes for them.