GDPR: High Costs for Zero Returns?

GDPR: a useless and expensive waste of time!

This is what we often hear about privacy and compliance with the European data processing legislation (GDPR). As a result, companies that believe the GDPR has excessive costs fail to comply with the privacy regulation and expose themselves to sanctions. In reality, this is not the case, and in this article we will try to explain why.


Does the GDPR have high costs for zero returns? Not exactly

Let’s start with some data that emerged in the last few weeks about how citizens, and therefore every company’s customers, feel and behave with respect to privacy and data processing:

– 95,000 complaints from European citizens in 8 months of full application of the GDPR (source: European Commission);
– 91% of American citizens (source: Pew Research) feel that they have lost control of their data and do not know how to reclaim it.

These data indicate that our potential target customers have a strong interest in how their personal data is acquired, managed and used. Further confirmation is that privacy laws (or rather, laws on the processing of data relating or referable to natural persons) have been approved or are being approved around the world (see Uganda, Thailand, USA).

What does this mean for a business? A product or service is designed to meet an expressed or latent need, and the same can be said (in a loose sense) of demonstrably sound privacy management: customers ask for transparency and the ability to check the information concerning them, and the company offers it, knowing that the effort will certainly be appreciated.

Indeed, such action has two positive aspects:

– it allows the company to be recognized by its target as better suited to their expectations than its competitors (immediate identification);
– it inspires confidence in the economic system, and the ones that benefit are all the companies that contribute to increasing that confidence, not those that fail to adapt.

Therefore, the benefit I will get is not only greater commercial strength but also greater efficiency (see the GDPR's important milestones).

According to Cisco’s 2019 Data Privacy Benchmark, in fact, those who invest in data protection have fewer sales delays, fewer violations and related economic losses, and greater agility (for 75% of respondents).

The costs of loss of reputation

Now let’s talk about a cost that, especially for small businesses, can become unsustainable: the loss of reputation.

Often, when the application of the new rules in the GDPR is discussed, only the financial cost is considered. If, however, my systems are breached, or if it emerges (as is increasingly asserted in the case of Facebook) that I share personal data to make a profit without the people it refers to being fully aware of what I am doing, I lose customers to my competitors.

In the case of Facebook, a company with more than significant economic and commercial strength, we have seen a loss of users (2 million under 25 in 2018 alone according to eMarketer).

And what about those who do not have the same financial capacity? As you know, keeping your customers is much less expensive than acquiring new ones, so think about it. Furthermore, it should not be forgotten that there are companies, even large ones, that make respect for privacy their differentiating factor and are increasing their profits. One emerging case is the search engine DuckDuckGo, which does not keep track of the requests made by the user, does not do targeted advertising, does not sell user information to advertisers and, lately, is seeing its profits (and its user base) grow clearly.

Therefore, dealing appropriately with user data does not only imply costs but can also make money.