GDPR Compliance as a Competitive Advantage

GDPR Compliance as a Competitive Advantage
Author: Laszlo Dellei, MBA, CISA, CGEIT, CRISC, C|CISO, ISO27LA, CEO of KERUBIEL LTD.
Date Published: 16 January 2019

Last year was a milestone in the field of privacy as the General Data Protection Regulation (GDPR) put privacy into the spotlight in and outside the European Union. The heightened interest in data protection resulted in the growing publicity of unlawful data processing, data breaches, and similar incidents, drawing the attention of the general public to the conduct of data controllers.

One example is Facebook, which has misused the personal data of its users on multiple occasions. As a result, many users decided to delete or hibernate their accounts, a process that may lead to significant loss of income to the company, which has partially based its business model on the economic exploitation of users’ information. The case of Facebook, as well as data subjects’ reaction to similar scandals, highlights the importance of the relationship between the use of personal data, data subjects’ trust, and the digital economy.

Consumer confidence is a well-known notion in economics. Consumers express their trust by paying for a product or a service and, at the same time, they are hesitant to buy goods that they do not trust. Therefore, commercial relations are based on trust. In the age of information society, consumer confidentiality has been reshaped: consumers may express their trust not only by paying a certain amount of money for goods, but by providing certain personal information. However, using one’s personal data leaves the individual vulnerable to a certain extent. Unlawful processing of this information leads to a lack of trust on the consumers’ side. Without trust, the consumer will not provide personal data for the products or services, and thus there may be no commercial relations, leading to the loss of income of the controller. Consequently, the data-driven economy has become particularly reliant upon the proper handling of personal data.

GDPR has significantly amplified the importance of the correlation between data protection and consumer confidence. One consequence of the heightened attention concerning the application of the regulation is that individuals are more interested in the way controllers process their personal data. New institutions introduced by the European regime resulted in the wide publicity of incidents and the reactions given by controllers, proper or otherwise. The public is informed about breaches concerning millions of individuals almost on a daily basis, which leads to the erosion of consumer confidence on many occasions, such as in the case of Facebook. These data subject thus began to demand more responsible governance of their data, and, in many cases, even deleted or suspended their accounts. Since Facebook has based most of its income on the use of data relating to users, these events may lead to serious losses to the company.

As a summary, proper processing of personal data strengthens consumer confidence in the digital age. A lack of trust results in the lack of consumer willingness to buy certain products or services. On the other hand, users tend to provide their personal data to the controllers they trust, thus generating income and economic growth for those organizations. In other words, GDPR-compliant conduct by the controller constitutes a competitive advantage.

Editor’s note: For more related to this topic, read “Maintaining Data Protection and Privacy Beyond GDPR Implementation.”