Google, the GDPR, customer experience and trust

Google, the GDPR, customer experience and trust

Published on: March 13, 2019
Author: Pascal Gauvrit - CTO

The General Data Protection Regulation (GDPR) has had an enormous impact on every organization operating in the European Union. Tighter rules on the use and protection of personal information mean that businesses must now ensure they take a different approach to data processing.

Yet, many organizations don’t seem to be fully compliant. Since GDPR implementation, there have been over 59,000 data breaches reported to authorities. In February 2019, French regulator CNIL fined Google £44 million (€58 million) for non-compliance. In its judgement, it pointed to a “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation". Privacy groups have also filed cases against other tech giants, including Amazon, Apple, Netflix and Spotify.

Consumers are increasingly aware of the spread of their personal information across the internet and how it can be misused, such as in the Cambridge Analytica/Facebook case. The GDPR, therefore, strengthens safeguards and so builds trust. This means that ensuring GDPR compliance isn’t only a legal necessity – it is central to business success. For example, 88% of consumers surveyed by Eptica said they wanted to deal with companies that were open and transparent, and that provide more in-depth information than five years ago. Showing the bottom-line impact,  84% said they’d switch to a competitor if the response they received was inadequate.

How the GDPR builds trust is central to today’s customer relationships. Consumers are trusting brands with their most personal information; trusting that they will use it wisely and in their interests; trusting that they’ll protect it and trusting that they’ll make any changes to records quickly and transparently.

This trust extends to the suppliers that brands work with. In complex ecosystems such as customer service and customer experience, it is vital that all your systems are compliant. Suppliers must make it easy to show that you are protecting and safeguarding data, as well as using it to deliver the personalized, high-quality service that consumers demand. That means brands must ensure that they are working with suppliers that can guarantee:

  • Protection of data, with SaaS suppliers able to prove that they meet the highest standards in terms of hosting and security.
  • Anonymization of personal data so that customer records, such as names and addresses, are not visible to staff unless it is relevant to their role and query.
  • Documentation. One of the key requirements of the GDPR is that all processes must be fully audited, documented and followed. This means suppliers need to show how they handle personal data to ensure compliance.
  • The ability to support the Right to be Forgotten. Under the GDPR consumers have the right to see what data a company holds on them - and the right to ask for its removal from all your systems. That means that suppliers must be able to integrate with other systems to automatically and completely remove data as and when it is required.


While the Google fine is a wake-up call for anyone that handles customer data, brands need to understand that GDPR compliance is vital to their business. The cost of breaching customer trust goes far beyond fines. Its impact will be felt across the organization through less loyal consumers and lower revenues. Instead of seeing GDPR as a regulation that needs to be met, leading brands understand that it is about something more fundamental. It provides the chance to build trust with customers and to successfully engage with them for the long term. This will drive closer relationships, create brand advocates and underpin loyalty, thus guaranteeing greater revenues and business growth.

Tags: GDPR, Google, CNIL, Customer Service, Customer experience, SaaS, Facebook, Cambridge Analytica, CX, anonymity, Right to be Forgotten, trust
Categories: Best Practice, News

You might also be interested in these posts: