Shift from GDPR readiness to sustained compliance to improve your business and your customer experience (Identity Live Berlin 2018)

Shift from GDPR readiness to
sustained compliance to improve your
business and your customer experience
Enza Iannopollo, Analyst

5© 2017 Forrester Research, Inc. Reproduction Prohibited
Customer consent was a given

Privacy Policies were unreadable

Customers
would never
refuse a cookie

Customers’ data
was firms’
prisoners
forever

Privacy and
security risks
were not on
customers’ mind

Disclosure of
data to the
wrong
customers was a
common mistake
Cash withdrawal notice from
Banco del Austro informs you that has been made (a)
withdrawal from BANRED 02550009-CPN-ATM0009 -
THE PINTAMATRIZ QUITO EC EC on 2018/05/09
072734 4931XXXXXXXX7839 your card for $ 20.50.
If this transaction was not authorized contact Customer
Service at 1800-228787 or 07-2832500.

Welcome to a GDPR-compliant world

Consent is an opportunity to build trust & engagement

Privacy Policies
are user-friendly
and inspire trust
in the brand

Cookies require
clear and
specific consent

Flexible and
transparent data
architecture
supports data
subject rights

And the customers?

https://www.forrester.com/report/Best+Practices+For+Privacy+And+GDPR+In+Financial+Services/-/E-RES133848
74% of consumers are ready to switch to a competitor
if their bank or insurer suffered a data breach

Security and privacy concerns deter 47%
from using digital channels
https://www.forrester.com/report/Best+Practices+For+Privacy+And+GDPR+In+Financial+Services/-/E-RES133848

Source: Forrester’s market research online community (MROC), 2017
– I will be more
knowledgeable about who
uses my information
– I will feel more comfortable
about using the internet
– It will get much better as I
will be able to ask for info
to be deleted
I hope my online experience
becomes less targeted and
more generic. I hate when
websites tracks what I view
and then target me with
advertising based on my
browsing history.
“
“
“
“
Privacy and GDPR are key to build trust

Consumers will request their information be deleted and
their data not used for marketing purposes
Base: British Online Adults (18+) 3,285
Source: Consumer Technographics Online Benchmark and Recontacts, 2018
18%
14%
11%
11%
30%
32%
27%
27%
52%
56%
62%
63%
Request a copy of the information companies have about
me
Ask companies to correct or update information they have
about me
Request that companies not profile me for marketing
purposes
Ask companies to delete information about me
Not likely (1,2) Middle (3) Likely (4,5)
How likely are you to exercise the following rights related to
General Data Protection Regulation (GDPR)?

Violations of the
rules – including
failure to
properly identify
and verify
customers’
identity – will be
expensive
1. Additional security requirements as a
result of enforcement action
2. Diminished customer trust
3. Reputational damage
4. Privacy abuses
5. Regulatory fines

Fully compliant
29%
Compliant by
May 2018
20%
All others
51%
49%
Which of the following best describes your firm’s GDPR
compliance efforts?
Base: 3,195 global security decision makers at the manager level and above
Source: Forrester Data Global Business Technographics® Security Survey, May 2017
A lot of work
remains to be
done

May 2018 was
just a starting
block

GDPR Compliance is an ongoing journey…

…Shift your strategy from GDPR
readiness to sustained compliance

Recommendations for less mature programs
› Be part of a interdisciplinary team leading the GDPR program
› Build a gap analysis about high risk data processing activities
• Sensitive personal data
• Cloud
• Third party data sharing
› Adopt a risk assessment framework
› Build a compliance roadmap and document progress as you
execute
› Prioritize remediation on consent, re-consent, and data subject
rights

Recommendations for intermediate programs
› Expand your data mapping and gap analysis to third parties
› Review third-party contracts, SLAs, and perform due diligence
› Focus on governance, processes, and people’s skills as you move
forward in your implementation plan
› Build identity verification into your data subject right processes
› Execute consent and re-consent strategies quickly
› Collect evidence of your compliance efforts and progress on an
ongoing basis.

Recommendations for advanced programs
› Leverage automated discovery and classification of data to feed
into your compliance software and risk assessment frameworks
› Augment your third party risk management frameworks
› Expand the scope of the program to include CX, marketing, and
digital teams to design the “privacy experience” of your customers
› Optimise the process to support “privacy by-design”
› Roll out GDPR training to all employees
› Measure the progress of your GDPR compliance program against
broader business goals

GDPR compliance programs deliver business benefits
1. Improved customer experience
2. Better understanding of data assets and improved data strategies
3. More mature and articulated data governance practices across the
organization
4. Better privacy policy management
5. A more solid (or a new) corporate culture for data privacy

FORRESTER.COM
Thank you
Enza Iannopollo
+44 (0)20 7323 7634
eiannopollo@forrester.com

Shift from GDPR readiness to sustained compliance to improve your business and your customer experience (Identity Live Berlin 2018)

More Related Content

What's hot

Similar to Shift from GDPR readiness to sustained compliance to improve your business and your customer experience (Identity Live Berlin 2018)

More from ForgeRock

Recently uploaded

Shift from GDPR readiness to sustained compliance to improve your business and your customer experience (Identity Live Berlin 2018)