GDPR — It’s all about trust.
Written by Aidan Sheppard
So, we all know that GDPR is coming, and has been coming for what seems like an eternity. Some of us are ready and some of us are far from ready — head in the sand and hoping that all will be fine. And what a fine it will be — up to 4% of global turnover or a €20M hemorrhage of cash. Well, work needs to be done and done fast to ensure businesses address the fundamental needs of the ‘requirement’ — they might not like such strict compliance laws but will have to adopt them, becoming more transparent, accountable and, in people’s eyes, honest and, more importantly, secure.
We need not worry about GDPR, we must trust it — it is not scaremongering, or just another ‘rubber stamp’ to get — it should not be seen as ‘fake news’. Indeed, we must embrace its tenets and turn the hysteria to our competitive advantage; who knows, it should lead to more effective marketing campaigns that could even add positively to the company’s bottom line.
The territorial scope of GDPR can be misleading — yes, it is a European Union piece of legislation; the UK will adopt it for businesses offering goods and services or monitoring within the EU. It is increasingly being hailed as the new global standard for data controllers and processors — a safe haven with the sting of very draconian regulations for compliance to protect personal data for individuals. Indeed, the world will change when companies and organisations can only collect and process data for ‘specified, explicit and legitimate purposes’ with the consent of the data subject.
Furthermore, consent has to be given freely, with the emphasis that it must be specific, informed and unambiguous. Data subjects will now have rights — right to erasure, right to data portability, the right not to be subject to a decision based solely on automated processing and profiling. As GDPR evolves it is thought that Europe will become the safe haven for data. Places such as the US are seen as being more complex and it can cause more complications to store data there (with the added impediment of having to hide behind Binding Corporate Rules (BCRs) and Privacy Shields), so why not just relocate all data to Europe?
It is true that GDPR will continue to put pressure on organisations of all sizes, requiring them to put in place both process and technical changes to support requirements such as SAR, the right to erasure etc. But if we start to look on the positive side of this involuntary revolution in the way we view data (personal and sensitive) we might start to see a silver lining. As a society we are getting more and more conscious about security (due to global events as well as events in the cyber world), and as a result businesses that can show they are serious about data security will be perceived by all to be better custodians of customers’ data, and the predictable outcome will be that they will attract new business.
Data is not just a word, a noun meaning ‘a collection of facts and statistics gathered together for reference or analysis’, it should have connotations of value and worth. Conversely raw data is not an asset (many see it as a burden, a large and organically out of control octopus that must be tamed and caged) — to be of use it must be managed, it has to be purified. Once we have clean data we have a very valuable asset that if used wisely can create demand for goods and services.
Businesses will inevitably look to the cloud as a clean and easy way to become compliant — the cloud service provider will need to be squeaky clean with their own data protection compliance to survive and organisations can ride on the tails of that assurance — many companies do not know exactly where their data is stored and this will be a big headache for CSOs — once they know where their data is stored they can rest easy.
It’s the old adage — 80% planning and 20% execution. If we are able to plan an effective data strategy we should be able to reduce our storage costs and, with our newly cleansed data, an opportunity, a new dawn of smartly exercising accurate, up to date and above all practical data, will emerge. But don’t forget to look at your suppliers and vendors — they are the true meter of your compliance — they might just be your Achilles heel and you need to ensure they are compatible with your new GDPR resolution. Our businesses will be risk free and the regulator will be happy with our newly found accountability and maturity and adherence to good governance — both the customer and the shareholders will be reassured.
GDPR translates as trust and this is underpinned by security, accountability and transparency — its product is something we can all have confidence in — GDPR gives value and is indeed the opposite of ‘fake news’.