GDPR: Non-compliance affects customer experience

It is coming up to one year since the introduction of GDPR and it certainly hasn’t been a smooth transition for most businesses. Since its implementation, there has been a surge in high-profile breaches, with companies such as Facebook, British Airways and Marriott in the spotlight for not adequately protecting customer data. While the struggle to become GDPR compliant has been evermore challenging for SMEs and micro-businesses, who have less capacity and resources to implement the required data protection processes. This is echoed in the results of a recent cyber survey that shows over half of SME and micro-businesses are either confused or don’t understand how to apply GDPR rules to their company, while a staggering 8 out of 10 don’t see cyber attacks or data loss as problematic.

One of the lesser discussed consequences of non-compliance for all businesses, extends beyond the legal considerations, with companies running the risk of seriously damaging their customer experience. In the run-up to GDPR, customers were sent a flurry of panicked emails from companies explaining the new rules and asking them to opt-in to future marketing communications. Between this, the widespread GDPR-related media coverage and the rapid evolution of consumer awareness, customers are beginning to gain a better understanding of their rights as a consumer and their powers to curtail how companies use their data. While companies have long considered customer data to be a business asset, GDPR has created a shift whereby customers now have the power to take back ownership of that data. With this power, they can now choose what personal data companies hold and ask them to delete data they don’t want  to be stored. This consumer awareness is reaffirmed by a new survey from Pegasystems that found 82% of EU residents plan to use their new rights to view, limit or erase their personal information that companies have on file.

With this in mind, it is imperative that companies are on top of GDPR compliance and prepared for customers to exercise their consumer rights. If they do not have adequate policies and systems in place to protect data and manage customer requests, the implications can be far-reaching and cause irrevocable damage to their customer relationships. Businesses should be prepared for customers to submit data requests and should have a streamlined process in place to handle this in a way that adds to the customer experience rather than diminishes it.

The far-reaching consequences of ignoring GDPR are illuminated in another recent study that found 93% of consumers blame and hold the company accountable when a data breach occurs, while 70% claimed they would stop doing business with the company entirely if their personal data was compromised. The absence of a multi-disciplinary approach to GDPR increases the risk of cyber attacks, which shows customers the business does not have a customer-centric attitude and ultimately damages the brand and its reputation. Not implementing GDPR effectively also means that if customers do want to exercise their right to submit data requests or changes, there are a lack of systems in place to make this happen which erodes customer trust in the company. 

Instead of viewing GDPR as an arduous process, companies should look at it as an opportunity to improve customer experience by increasing transparency and trust, which in turn strengthens relationships and increases customer loyalty. According to Emmanuel Richard, Associate Director of Extens Consulting, a firm of Sitel Group “The GDPR should not be seen as a constraint. Meeting compliance requirements, in fact, creates terrific opportunities for organizations to showcase their care and respect for their customers on a personal level by building a relationship based on trust.” In the long term, companies that invest in making GDPR about improving their customer experience will ultimately have a competitive advantage. Customer experience should be at the heart of every company ethos and GDPR is the perfect opportunity to implement and solidify existing systems to ensure a deep-rooted customer-centric approach.

Implementing GDPR measures to drive customer experience:

• The era of harvesting “Big Data” has come to an end and companies will now have to have a clear understanding of the purpose of storing the data. Organisations should clean up their data management by disposing of redundant, obsolete and unnecessary files. Storing large amounts of data has been replaced by personalisation and the customer experience is now the underlying driving factor. To facilitate this, customer data will need to be accessible on one platform to help companies easily process data requests, deletion, anonymization, and reporting on data.
• It is important that all company employees adopt a GDPR mindset. Everyone in a company is responsible for customer experience and every department should be doing their part to apply the GDPR rules. This cultural shift can be achieved through a comprehensive communication and training strategy. Everyone who collates or processes data should have a clear understanding of the rules, why data is collected, how it is used, where it is stored and how it can be destroyed.
• Organisations should take a proactive and preventative approach to potential data breaches and cyber attacks. Cybersecurity is not just the IT department’s responsibility and the onus to understand and implement security measures falls on everyone in the organisation. Employees may benefit from taking a cyber awareness course to ensure they understand potential attacks that can occur and how to prevent them. In addition, adopting more comprehensive and secure data storage systems will minimise the likelihood of a breach.