Show you take data privacy seriously! | KPMG | NL

Data Privacy Day: Show you take data privacy seriously!

The 28th of January 2017 was Data Privacy Day: an international day to reflect consciously on the protection of our own personal data, and to promote consumer awareness of protecting theirs. But what exactly does privacy mean to consumers?


Partner Cyber Security

KPMG in the Netherlands


Research carried out by KPMG among a total of 6900 respondents from 24 countries shows that consumers are ambivalent about privacy. Most consumers are fine with sharing personal data in exchange for additional services or convenience. But as soon as the use becomes more commercial, consumers are less comfortable giving away their personal data. Just as consumers have to make choices about sharing personal data, organizations need to think about how they process personal information, and those choices go beyond how to comply with laws and regulations. Do you want your organization to operate at the edge of what is allowed, and so benefit from the collection and processing of customer data, or do you want fair processing of personal data to be one of your company’s unique selling points?

Crossing the line of what is acceptable?

A device that allows ambulances to detect where your vehicle is located when you are involved in an accident is something many people (78% of respondents in our survey) found very useful. But if a taxi company uses the same data to offer us a ride when we get off the train, 63% of the respondents find that this crosses the line of what is acceptable where privacy is concerned. The same technique and the same convenience trigger a totally different reaction. This example illustrates the way consumers think about privacy. On the one hand, consumers are often reluctant to reveal personal information; on the other hand, they are often unwilling to compromise on ‘convenience’. How should an organization deal with that? And what consequences do companies face from consumers' reactions to privacy-related issues? If a mobile phone supplier indicates in its terms and conditions that privacy of personal data is not guaranteed, do we choose another brand, or do we embrace the benefits of our new gadget? Do we even have a choice, or do we give away a piece of our privacy every time we make a call, or send a WhatsApp message or an email?

Not just compliant

Complying with legislation is, of course, a prerequisite for each organization. As of May 25th 2018, the new European privacy regulation will be enforced: the General Data Protection Regulation (GDPR). Most organizations still have a long way to go before they are compliant. In the coming one and a half years, the focus of many organizations will be on meeting these requirements in time. But if you want to show your customers that you take privacy seriously, solely meeting the GDPR’s requirements may not be sufficient in the future. You will also have to develop a vision on privacy and think about your organization's privacy strategy. This strategy can vary significantly: you can choose to use the personal information entrusted to your company in such a way that you benefit from every opportunity this data offers, obviously while abiding by the law, but walking a thin line.
Or you can consciously choose the opposite approach. By doing so you tell your clients: your personal data is safe with us and we will do everything in our power to ensure that. With this approach you can distinguish yourself in a positive way, especially in certain sectors such as retail, technology or social media (sectors which, according to our research, lack consumers' trust when it comes to processing their personal data). In a world in which data is the new fuel of the economy – and in which a data breach can be the new ‘Deepwater Horizon’ of personal data – protecting personal data is clearly important. And no matter how ambivalent consumers are, our study also shows that 84% of the respondents indicate that they have insufficient control over the way organizations use their personal data. Reason enough to meet them in the middle!

Step-by-step plan

Seven steps to have your privacy policy in order:

  1. Educate stakeholders in senior positions so that they understand what privacy means for the organization.
  2. Create insight into the privacy risk that your organization faces.
  3. Create insight into the expectations of the individuals whose information you use, and have a privacy strategy in place that is in line with those expectations.
  4. Get a picture of the current 'privacy-maturity' of the organization and formulate a clear strategy to achieve the level of privacy maturity you have in mind.
  5. Develop a solid plan to reduce privacy risks and achieve your goal.
  6. Execute your plan. Introduce sustainable structures that help you to manage privacy risks, ensure compliance, but also provide a solid foundation for flexible use of personal data so you can create value for the organization, your customers and your employees.
  7. Monitor, hold on and repeat.

You can find KPMG’s research here

The author is Koos Wolters, partner and data privacy specialist at KPMG.
