By now, many consumers in Asia and elsewhere would have received at least a couple of e-mails from merchants asking for consent to continue receiving marketing messages under Europe’s General Data Protection Regulation (GDPR) that kicked in today.
As a law that transcends Europe’s borders, the GDPR requires organisations to take measures to protect the personal data of European citizens and residents everywhere. Without always knowing your nationality or residency status, many merchants have chosen to seek consent from all their customers, not just in Europe.
After all, it’s better to play safe than risk incurring hefty fines of up to 4% of annual global turnover – though it is uncertain how the GDPR rules can be enforced globally.
There’s no doubt that financial penalties can spur companies into action, especially those that have been dragging their feet on data protection, thinking that cyber breaches will never happen to them.
But what’s more effective in driving greater compliance is to convince companies that data protection is a source of competitive advantage, and not a cost centre.
Recent studies have shown that many consumers still do not trust merchants and service providers to protect their personal data, no thanks to the bad press surrounding data breaches at big-name firms like Target, Yahoo, Equifax and Uber in recent years.
These consumers would go to the extent of boycotting a firm that has not safeguarded their personal data. They would also report any wrong-doing to the authorities and spread the word to friends and family. With all of that, it’s hard for any firm to ignore the competitive advantage of having sound data protection measures.
Carpe Diem, a Singapore-based childcare service provider, realised this earlier on and was one of the first among its competitors to train its staff on data protection measures required under Singapore’s Personal Data Protection Act.
Data protection officers, also required under the GDPR, were also appointed to drive data protection efforts across its network of childcare centres. Paying heed to data protection has helped to foster trust with parents who can be assured that their personal data, as well as that of their children, would remain secure.