365 days until GDPR enforcement: towards MyData principles
According to PwC, “no legislation rivals the potential global impact of the EU’s General Data Protection Regulation (GDPR)”, which goes into full effect in May 25th 2018. Businesses large and small that handle personal data — including those not based in the Europe but which handle the data of people in the EU — will need to comply with the extensive requirements of the new regulation.
Data is power, and your personal data empowers organisations. The problem is that unregulated power becomes imbalanced, and organisations become digital market dominants. In 2016 the combined revenue of Google, Amazon, Facebook and Apple was greater than 88% of country’s GDP (Gross Domestic Product), that’s greater than the economic output of 176 of the worlds 196 countries! We should celebrate these companies’ successes!
But we should also recognise the true cost we are paying. Our data used in unlegislated ways tends to undermine our personal privacy. But that’s not the real issue. Without digital privacy as an individual, we lose our fundamental human rights too. Our freedoms cannot be maintained in a digitally integrated society unless we as individuals have a balanced level of transparency about how our data is used, control over its utilisation and a means of remedy if we feel our rights are being eroded; this is what the GDPR is seeking to deliver, by empowering us as individuals with greater control over our digital lives.
Digitisation offers us considerable freedoms from onerous tasks, improved efficiency of operation and a lot of personal convenience in many useful and innovative ways. So we have to TRUST digital organisations in order to continue to gain these benefits, but with a degree of sensible caution. Our only route to trust as individual citizens is to be given new legal rights — and this is what the GDPR does, it re-empowers the individual with rights over ‘their data’ and holds companies to account for the use of our data. One of the biggest new areas of change in the GDPR is corporate accountability to supervisory authorities and to you as an individual, built into the legislation precisely to start to rebalance this empowerment equation between citizen and organisation.
However translating legislative support into practical technical and business application is hard. This is part of what MyData is doing. The core idea of MyData is that we, you and I, should have an easy way to see where data about us goes, specify who can use it, and alter these decisions over time. This precisely aligns with key principles of the GDPR, providing transparency for individuals and giving them the right at any time to limit how particular organisations use their data.
Does the GDPR do the job of MyData?
At MyData we welcome the GDPR, which makes gigantic steps towards protecting the rights of individuals to control their personal data, but does it go far enough? In terms of implementing the complete vision of MyData, of course not.
However, it may well change the culture and practice of thousands of companies who now are making free and easy with our personal data. MyData starts to define a pro-active citizen empowering way of doing digital business, putting the individual at the centre of any solution.
MyData is for organisations seeking to go beyond GDPR compliance because they see the customer value in offering up a more trustworthy way of doing business with personal data. If your business has this ethical focus then come along to MyData 2017 to learn how.