Growing Pains and Shrinking Trust: Reflecting on 5 Years of GDPR

GDPR has undoubtedly had a huge impact since it went into effect five years ago. The landscape of data privacy looks very different now: companies being subjected to huge fines for regulatory breaches and customers are much more aware of their personal data rights and the obligations placed on businesses to safeguard them. 

Meanwhile, similar comprehensive legislation has followed in GDPR’s wake around the world – such as Brazil’s General Data Protection Law (LGPD) and a growing number of state privacy laws in the U.S. – with the result that businesses are now a great deal more conscious of their data privacy obligations than they were in the past.

However, it has not been all plain sailing. We have witnessed the Data Protection Authorities issue more than 1,600 fines totaling almost 4 billion euros for GDPR violations. This included Meta, hit recently with a record 1.2 billion euro fine in late May. Moreover, with concerns about the role national governments are playing (or not playing) in encouraging compliance with GDPR, customer trust in businesses is shrinking with almost 49 percent of consumers concerned about sharing any more data than necessary with companies.

Read More: Avalara Launches Sales Tax Calculator Plugin for ChatGPT

Perhaps even more concerning are the results of recent research conducted by my company, which found that 33 percent of global consumers would no longer use or buy from a company they were previously loyal to if it failed to protect their data from a breach.

So, as we mark this anniversary by wishing many happy returns to the EU’s flagship data regulation, it is worth reflecting on the highs and lows so far and thinking about how businesses can improve data privacy strategies to forge stronger bonds of trust with consumers and regulators alike. 

20 years and 5 minutes 

Warren Buffet said once that it takes 20 years to build a reputation and five minutes to ruin it. That is about as true, or more so, than it has ever been, with the watchful eyes of social media and the 24-hour news cycle ready to pounce on corporate slip-ups at a moment’s notice.  

This scrutiny is perhaps the primary reason that boardroom conversations are still heavily focused on reputational management and why business leaders are so cautious with the investments they make. In terms of data management, organizations are still developing their privacy strategy to not only address regulatory compliance and risk mitigation, but they are equally, or perhaps more focused, on how to implement policy, processes, and technology in a way that helps reinforce brand trust and maintains customer loyalty. With a more informed and empowered community, greater attention is directed to how organizations can deploy their data management strategy to ensure process defensibility and security to earn the right to personal data custodianship. 

 Leveraging technology and data centricity to win trust. 

For privacy program development, organizations must take a data-centric approach, underpinned by information governance, to win the trust of its customers. With customer scrutiny of data handling activities at an all-time high, getting one’s “digital house in order” will remain a key priority. Organizations will need to leverage strong information retrieval, data discovery and classification tools that improve risk mapping, categorization, and bolster retention considerations needed to support data minimization and purpose limitation requirements under the GDPR (and other similar privacy regulations).  

Read More: Microsoft Build 2023: 5 Big Announcements & Key Takeaways

With the rise in awareness and steady influx of subject rights requests, organizations will also find it extremely difficult to fulfill these requests with the limited resources available and reliance on many manual activities to perform critical tasks. Advanced analytics and AI are being harnessed to automate and optimize responding to subject or consumer rights requests – shortening lead time and minimizing operational burdens. Information retrieval and eDiscovery tools are becoming invaluable to support these activities, especially data subject access requests (DSARs). Teams are designing workflows and leveraging theses tools to support complex search, review, automated redaction, and production activities required to meet prescribed deadlines and deliver more accurate responses especially for high-effort requests.     

Leveraging these solutions is a key step to moving beyond the growing pains of a maturing data management strategy and winning back the trust of privacy-conscious customers. It also provides companies with an information advantage for competitive differentiation.  

At a time when customer distrust in businesses is rising and focus on data protection more intense than ever, we should use the anniversary of GDPR to reflect on how we can solidify business reputations earned over the years and guard against the potentially disastrous moments Buffett warned of. This is the perfect occasion to take stock of the progress made so far and to formulate new plans to optimize and improve data management strategies for the next five years – and beyond.

Read More: MinD-Video: A Video Generative Tool That Uses Augmented table Diffusion