With the production of data doubling every 24 months – and cyberattacks multiplying (92% of large firms and administrations were attacked during 2017 compared to 80% in 2016), the European legislator has strengthened European laws on the protection of personal data with GDPR. This reinforces and creates new rights for people, increases data security requirements and makes businesses much more accountable. To accompany these businesses faced with this challenge, Havas and Baker McKenzie have joined forces to meet two objectives: protect the reputation of businesses and transform the GDPR into an opportunity to help them become data friendly.
For e-consumers, GDPR offers new legal means to tighten their control over their data such as the right to data portability or group action. Munition that will certainly be used by 73% of French people who say today that they are concerned about the protection of their personal data and 55% who declare that they are ready to take legal action against firms which do not comply with the GDPR and violate their privacy.
GDPR obliges companies to inform CNIL (French data protection authority) of any security breaches incurred and, in the event of a high risk for individual liberties, they must also inform the persons concerned. This risk is far from theoretical in view of the frequency of data breaches today.
All companies, even the most virtuous and GDPR compliant, are faced with this risk. A security breach leads to a cumulation of different types of risk for a company, some of which are particularly serious.
They may be faced with criminal proceedings leading to the indictment of the company and its manager, group action and have sanctions imposed by CNIL which may amount to up to 4% of annual global turnover.
Yann Padova, Partner at Baker McKenzie, explains that “other than the legal risks, companies are exposed to real reputational damage. With the generalisation of the “Name & Shame” practice, company image, and as such the trust of their clients, is at stake. 81% of French people are prepared to boycott a brand or service which does not comply with GDPR and which breaches their privacy. Companies, which cannot grow without trust, will have to anticipate and manage these “data crises”, or risk losing market share. They will therefore need to prepare, starting from now, for “the day after” May 25, 2018 when associations, unions and NGOs may take them to court”.
Stéphanie Prunier, Partner at Havas, recalls that “GDPR is not just a risk. It also represents a chance at differentiation through the quality brought to data protection. Being GDPR compliant is not an end in itself. Taking up a data-friendly position in one’s brand DNA, instilling a culture of Privacy, auditing the risks to anticipate crises, appropriating codes of good conduct or labels will allow enterprises to transform GDPR constraint into a veritable opportunity to build trust through transparency”. An attitude expected by 45% of French people who say they are ready to pay more for a brand which adopts an ethical approach to the management of personal data.
Havas Paris and Baker McKenzie present the results of a study carried out by OpinionWay during the month of May 2018, just a few days before GDPR comes into force on May 25, 2018.
The results show the growing concern of the French people about the management of their personal data:
- 7 out of 10 French people are increasingly concerned about the use of their personal data by on-line companies and services and the risks that this may have on their private life;
- 8 out of 10 French people are ready to boycott a brand, a company or service which does not comply with personal data protection regulations and which violates their privacy;
- 55% of French people are ready to take legal action against a brand, company or service which does not comply with personal data protection regulations and which violates their privacy;
- 45% of French people are ready to pay more for a brand, company or service which adopts an ethical approach to the management of personal data even if free services exist.
- 54% of Millennials (less than 35 years’ old) are also prepared to pay more;
- 57% of French people pay attention, before choosing a product, to the data protection practices of the brand, the company or the service provided.