Well, we’ve had GDPR for a few months now (July 2018) and gradually we’re all getting used to it, albeit some of us still have a long way to go even to understand it properly. Now seems a good time to start a conversation about why GDPR is going to be good for business, good for consumers and not the ogre it has often been portrayed as.
Away with the hyperbole
Data protection regulators around the EU now certainly have more teeth than was the case before May 25th, but let’s not get carried away by talk of the maximum fines for data breaches under GDPR. It seems to me that the ICO (Information Commissioner’s Office) here in the UK has been at some pains to help businesses understand and implement the new data protection regulations and I suspect this approach will continue for some while. Where fines are to be levied I would expect them to be reserved for cases involving wilful and blatant flouting or disregard of the regulation. If you are planning to be in this category then open a savings account soon – you’re going to need every penny.
Most businesses will find they are sanctioned lightly in the first instance unless the breach is serious (large volumes of unencrypted data and/or data of a highly sensitive nature lost). But woe betide you if you then fail to act, as the GDPR is clear that the severity of any sanctions is linked to any past “form” on the part of the miscreant as well as their attitude to working with the regulator and rectifying the problem.
So wherein lies the risk?
Frankly, the biggest risks to most businesses lie in the need to respond to data subjects (the fancy GDPR term for consumers) when they ask to have copies of their data, in an electronic and portable format. For businesses that are collecting data at several different points, locations or through a variety of systems this will prove a nightmare if they have not established systems to collate all of this. And the GDPR only gives you a brief time in which to provide the data.
GDPR will be properly tested when organisations find they have to respond to requests for data held and they struggle to compile it accurately and completely within the designated time allowed.
And wherein the opportunity?
I think the best practitioners of data security and management will definitely steal a march on their less prepared competitors. As consumers become more aware of which businesses respect their data and treat it as something on loan rather than an owned asset so they will vote with their feet, as the expression goes. Trust will be built between customers and those businesses that embed respect for data throughout their organisation. Consumers will engage more openly with your content and your personnel and they will distinguish between the good, the bad and the ugly.
So let’s embrace GDPR as a good thing and learn to use it to our advantage. Let’s treat customers’ data respectfully and teach colleagues how to make the data for which we are custodians more valuable to us whilst it is in our hands.
Let’s stop scaremongering and start focusing on the plus side of the equation.