When growing demand for more transparent information and control over personal data meets new rights and safeguards that enable consumers and employees just to do that, it’s an event to celebrate — especially on Data Privacy Day.

Many firms around the world are working hard to make the May deadline, when supervisory authorities will start enforcing the new General Data Protection Regulation (GDPR). It started as a compliance program in most cases, but some of these firms are already experiencing results that include greater trust with their customers and employees, improved customer experience, and more efficient data strategies. These are the firms that embraced the very spirit of the regulation – which is about protecting the privacy rights of individuals – beyond its letter. And to do it, these organizations have learnt and accounted for the evolving privacy attitude and behaviours of their consumers.

These organizations took into account their consumers’ underlying privacy attitudes and behaviors that define their audience. Forrester’s Consumer Privacy Segmentation summarizes the nuances of European consumer’s privacy profiles. Forrester’s Consumer Privacy Segmentation defines four groups of consumers based on their attention to privacy policies and practices, as well as behaviors around safeguarding data, willingness to share personal information, level of trust in a firm’s data practices, and overall tech-savviness. For total EU-5 online adults, the segment breakout looks like this (EU-5: UK, France, Germany, Italy, and Spain):


However, we see differences across European consumers. For example:

  • British consumers are the most guarded with their data. They are also particularly aware of the economics of data sharing, with 58% of UK online adults reporting to be aware that companies buy and sell their household information.
  • Southern European consumers are most willing to share personal data. Among them, French consumers are the least likely to take action to protect their privacy, such as installing “Do Not Track” browser plug-in, encrypting the data on their devices, using secure passwords, or reading a company’s privacy policy before making an online transaction or downloading an app.
  • German consumers are very informed about their data privacy. 68% are aware that companies buy and sell their household information, and 58% are likely to cancel a transaction if they see something they don’t like in a privacy policy — more than in any other EU-5 country.

Firms that believe that meaningful and long-lasting engagement with their customers needs data privacy in its foundation, regardless of the duty to comply with any specific regulations, must:

  • Use customer data relevantly. Our research shows that when a company uses data in a relevant way and the customer trusts that company, she is very willing to share her data with that company. Our privacy segmentation goes further and shows organizations what encourages certain customers to share their data. Marketers must put these insights into action.
  • Revamp the way they think, innovate, and communicate about their customers. Companies must treat GDPR compliance as an opportunity to regroup and agree on shared values and practices that define how they treat their customers.
  • Give customers meaningful choices. Data privacy is about letting individuals choose what to do with their personal data. Firms must provide their customers (and employees) with meaningful options, such as allowing access to services and standard offers, even when they decide not to share any of their personal data. Our segmentation shows that customers’ privacy preferences are more sophisticated than a binary “yes” or “no.”
  • Design intuitive mechanisms to enable customers to retain control over their data. Marketers must leverage the segmentation to learn the different attitudes toward technology that customers have and they different strategies they follow to protect the security and privacy of their data online. If customers find it easy to retain control over their data, they are more willing to share that data in the first place.

The next update to the privacy segmentation for both EU and US consumers is coming in the spring. Stay tuned!