Over-implementing GDPR 'could drive away customers'
Companies and organisations are alienating customers by over-enforcing the General Data Protection Regulation (GDPR) EU privacy rules introduced last year, because their staff have not been trained properly, or because it is easier to just say 'no' to queries.
According to Valerie Lyons, chief operating officer at security services firm BH Consulting, consumers are becoming more GDPR-savvy and younger people are especially aware of their privacy rights.
"In my experience, some organisations are hiding behind the GDPR," Ms Lyons said.
"What's really irritating is that some businesses that don't understand what the GDPR is have people on the front desks saying 'I can't help you with that because of GDPR'.
"They are missing out on opportunities where they could be helping their customers because it's easier to say no. I usually find that if a company has bad customer service, their data protection service is bad too," she said.
Many businesses have hired GDPR-specific personnel since the rules were introduced, in a bid to ensure company compliance.
Regulators can fine firms up to €20m or 4pc of annual global turnover, whichever is the greatest. The level of fines depends on the severity of the breach.
However, Ms Lyons added that businesses should also be aware of the spirit of the law, and a level of common sense should apply.
"GDPR is only live for a year and it's going to take organisations time to respond. But, in my experience, many small groups like golf clubs are on top of it in many ways," she said.
"And there is a spirit to the law; that is what European Data Protection Supervisor Giovanni Buttarelli said when it was being introduced.
"If you look at how trust is constructed, it's about whether you can demonstrate integrity and benevolence to the consumer on a consistent basis. It's a case of will you do right by my data, not just will you stick by the letter of the law."
And she added that while many consumers are still in the dark in relation to GDPR, they are becoming more aware of their rights.
Ms Lyons is a speaker at this year's cybersecurity and data protection conference Secure Computing Forum, a partnership between DataSolutions and Independent News & Media.
The conference takes place at Dublin's RDS on September 12.
Log onto www.securecomputingforum.ie to avail of your 2 for 1 ticket offer by inserting promo code 2for1 at checkout.