The European Union’s General Data Protection Regulation (GDPR) has been the single biggest external factor driving change in marketing practices over the last few years. With similar laws and regulations coming into effect in several U.S. states as well as other countries around the world, it’s still top-of-mind for a lot of companies.
Although GDPR has received a huge amount of media coverage in Europe since it went into effect in May 2018, its nuts and bolts are very complex and contain many nuances. Companies have been struggling with compliance: A 2019 Capgemini survey found that while 78% of organizations had expected to be compliant by June 2018, only 28% were actually compliant as of June 2019. Two-thirds of respondents have hired full-time employees to support their compliance efforts. Seventy-four percent of companies in a 2019 DataGrail study spent more than $100,000 on compliance consulting services and technology solutions, and 20% spent more than $1 million.
What Is This GDPR Investment Buying?
Our team was curious how high GDPR awareness really is across European consumers and whether these consumers perceive that it has had an impact on their lives. Since a primary goal of our recent survey of 2,512 European consumers released earlier this year was to understand attitudes about data privacy, we included several questions about GDPR. It’s important to note that our survey population consists of car owners who have purchased 2016-2019 model year vehicles.
A Few Highlights From Our Consumer Research
As we expected, the vast majority (83%) of our respondents are aware of GDPR. However, only 40% of those respondents who are aware of GDPR say they understand how it applies to them. European consumers have been exposed to a continuous stream of updates, but there are many distinct rights and a lot of complicated language. Even the experts don’t always agree on what processes are needed for compliance. So, we were not too surprised that its benefits are not always making their way to consumers’ eyes and ears.
Further, when we asked consumers the extent to which they believe GDPR is protecting their personal data, only 14% believed it had a big impact, and 50% said they have seen a difference in the way brands communicate with them. An even smaller percentage—just 6% of our entire sample—has seen a change in how automotive manufacturers communicate with them since GDPR went into effect. This is an important insight for the community.
Here’s a visualization of consumer perceptios with respect to automakers:
Given the huge investments that brands have made in GDPR compliance, it’s a bit discouraging to see their new marketing practices have not been visible to so many European consumers.
Key Takeaways for OEMs
In spite of years of publicity during the run-up to GDPR implementation and 20 months of first-hand experience since it went into effect, there are a large number of European consumers who do not understand it. And for those who say they are aware of it, many do not see the impact on OEM marketing practices.
Our full survey report provides a number of detailed recommendations, but here is a quick summary:
- Consider treating privacy as a brand pillar. Example: In the fall of 2019, Google ran a major ad campaign about its commitment to data privacy, with billboards and ads in major European airports and roadways. And we saw the impact of this in the survey; when asked which brands they trust most with their data, Google actually made the top of the list.
- Take a multi-channel approach to privacy education. Our survey findings suggest that there is a role for OEMs, dealers, service providers, and the car itself to play in educating consumers.
- Invest in transparency. Put systems and processes in place to be open about what data you collect, how that data is used, and with whom it is shared. And, be ready to respond immediately to consumer requests to see their data, as per the GDPR right of access to data
Our research found that transparency and trust are critical to earning consumer confidence, with 60% stating that it’s very important to be told exactly what data is being collected, how it is being used, and by whom. The steps outlined above address both of these goals.