Analysis of the potential economic impact of GDPR – October 2017

internetnew-economy||55privacy||55
Sector: Internet/New Economy | Privacy and security
Client: N/A
Published: 30 October, 2017
Document type: Report 
Tagged: analysis of economic developments impact assessment quantitative analysis stakeholder surveys and consultations EC/EEA UK

This study examines the potential economic impact of the General Data Protection Regulation (GDPR) in relation to the ambiguities created by the Information Commissioner’s Office (ICO) guidance on consent. Two elements of the guidance are analysed in detail: the prohibition of any form of opt-out consent and the requirement to name all third-parties that will rely on consent. The evidence reviewed in this report clearly indicates that a more stringent interpretation of GDPR, as per current ICO guidance, would lead to a reduction in the amount of data available to companies.

As a result, profits attributable to data analytics could decrease by up to £41 million in the UK, while profits attributable to prospecting for customers could decrease by up to £114 million.

Furthermore, firms may be induced to move data collection and analysis in-house rather than outsourcing it to specialist analytics and data providers, thereby undoing the benefits of specialisation and entrenching the market power of larger firms. A closed system of centralised data silos could pose problems for data security, and render data duplication unavoidable. In addition, consumers in a closed system might be asked to provide consent for the same personal data multiple times, whereas in a distributed data ecosystem they might only be asked once.

A survey of marketing and data professionals in the UK that was conducted as part of this study reveals a strikingly low level of certainty regarding the impact of GDPR on core business activities and company performance. This points to a lack of effective communication regarding the interpretation of GDPR with the business community and a failure to provide a comprehensive impact assessment of GDPR.