How GDPR and CCPA Compliance Requests Eat Away at Profits

Without an understanding of where data is stored, how to access it or how to make a change, no request for consent or privacy data can be easily addressed.

Rooted in increased regulation such as General Data Privacy Regulation (GDPR) and California Consumer Privacy Act (CCPA) and general customer backlash, a growing emphasis on collecting consent and ensuring privacy of customer data exists. In this environment, the cost of compliance is a top of mind factor for companies, but how cost is considered varies from organization to organization.

Irrespective of an organization’s approach, the cost and complexity of solving the consent and privacy problem remains high.

Some companies focus on the cost of setting up technology to collect, track, store and report customer consent and privacy across their enterprise systems. They focus on making a solution-based cost benefit decision, seeing the compliance problem simply as a project to complete and an item to check off their to-do list.

Others focus on quantifying the cost of potential fines associated with non-compliance. Their focus is risk-reward and decisions are based on the potential risk and associated cost to the organization for a complaint.

By defining a consent and compliance project so discretely, organizations overlook an expensive and impactful aspect of addressing the requirement which starts with a simple request: A customer asks to be removed from a communication.

Without approaching compliance holistically, a request to be removed, be forgotten or for an understanding of what is being collected on a customer becomes a grain of sand in the gears of the company. This grain of sand negatively impacts and slows down the overall organization as it works to address the request.

As the request moves through the organization from department to department, the cost to address a compliance inquiry grows exponentially — and this expense grows as the number of requests grow.

Cost to Customer Service

In most cases, the information needed to answer common customer requests — such as tracking whether their product shipped, their order was placed or learning the status on their account — is relatively easy. That’s because they’ve spent years and lots of money building out their core CRM systems.

This is not true for consent and privacy data. This data is stored across many different systems and tools within the enterprise. Additionally, accomplishing a consolidated view requires a proper data map to what information is stored where.

By allowing customers to complete consent and privacy requests via self-service or providing customer service representatives easy access to customer data across the enterprise, customer inquiries can be handled effectively before they become a larger problem.

Without an overall understanding of where data is stored, how to access it and more importantly make a change, no request for consent or privacy data can be easily addressed. This results in significant time and effort by the customer service representative and others across the organization, as well as multiple communications with the customer regarding the status of their request.

Cost to Marketing

Good marketing presents a well thought out brand promise and makes the customer take notice. However, in order to fulfill compliance requirements, many companies deploy tactics that result in less than ideal messaging to customers regarding the use of their data. These messages only confuse, frustrate and certainly don’t convert customers.

In other cases, in an attempt to quickly address consent and privacy risks organizations turn to Band-Aid fixes such as the implementation of complete opt-out versus opt-down or the decision to not send outbound communications at all.

The loss of customer communication, either because of overly stringent adherence to compliance laws and regulations or due to confusing compliance language, impacts the effectiveness of marketing and decreases ROI on marketing efforts.

Well thought out consent collection and data privacy access at key moments in the customer journey is key to converting compliance from a cost to marketing to a marketing advantage.

Cost to Compliance

Without a proper governance approach, the compliance department finds itself stuck in a cycle of one-off responses to complaints and addressing compliance requests that arise. To address the problem “of the moment,” the department tasked with compliance works in a constant triage.

Consent and privacy management is not a technology and it is not a project.

To address these correctly, it requires an overarching practice, a general shift in the way the organization views the customer and works internally. Fully addressing consent and privacy requests requires input from all departments to stand up a well thought out approach and continually update it as the technology, business and compliance environment changes. The compliance department must be strategic about its approach in order to be successful.

Cost to the Customer Experience

Finally, the most impacted aspect of an organization is the customer experience. This includes how the customer views the organization as a steward of their data, their experience of receiving communications across many channels, as well as their experience when they interact with digital properties.

Collection of consent and responding to data privacy requests must be thought through as strategically as any marketing campaign to drive traffic, shopping cart experience to increase conversion or supply chain assessment to drive down costs and increase customer satisfaction.  It can’t simply be bolted on as an afterthought.

As regulations and requirements increase as a result of increased scrutiny through laws such as GDPR and CCPA, the cost of complying with customer requests eats away at top and bottom-line profits.

Topline because the customer can exercise the choice to work with companies that honor their consent and privacy wishes strategically and proactively; bottom line because of the internal impact to ill-prepared organizations as they react to inquiries from customers.

To be successful, organizations must think through the ramifications beyond the implementation of a singular technology or in preparation for potential fines.


Eric V. Holtzclaw is Chief Strategist of PossibleNOW, a provider of consumer regulatory compliance and consent solutions. He is author of “Laddering: Unlocking the Potential of Consumer Behavior.”

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.

A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!

Subscribe Today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters