According to The Economist, “Data are to this century what oil was to the last one: a driver of growth and change.” This is true—digital data has led to new infrastructure, new types of businesses, new regulatory policies, and a new economy. Those who can adapt effectively to this new data-driven world will find themselves with a decisive competitive advantage. Companies must be smart about protecting the 21st century’s most valuable resource: data.
The GDPR and Protecting Data
The advent of the General Data Protection Regulation (GDPR) in the EU, which will go into effect in May 2018, will have a profound impact on the business world. This looming regulation means that ensuring the security and confidentiality of critical corporate and customer data is more important than ever. It will impose more stringent and prescriptive compliance challenges for businesses, and it will enforce tough fines on those who are unable to adapt to the new requirements.
Data protection is fundamental to enhanced service offerings and digital commerce. Customers want to know that their data will not be stolen or abused, and we in the enterprise community—the stewards of these assets—must build that trust.
The GDPR is just the first product of an ongoing global conversation about protecting data from corruption and abuse. Consumers are tired of knowing their information could be at risk. I expect we’ll soon see more GDPR-like regulations coming our way, so even if you’re not actively participating in worldwide commerce, it’s worth thinking about how your company can start holding itself to a higher data protection standard.
Clients, customers, and constituents should be proactive about protecting data, and should be preparing for a more regulated future right now. Naturally, if you have existing operations or customers in the EU, this should be a top priority. Be sure to consider:
- Requirements for getting consent
- Administrative fines
- Privacy impact assessments
- Privacy by design and default
- Data breach reporting
- Data transfer outside of the EU
- The mandatory data protection officer (DPO)
- The right to be forgotten/erased
The Customer Is in Control
The GDPR gives customers the power to control the handling of their personal data. Companies must consider not only the new legal requirements for businesses that gather and use this data, but also the individuals’ rights when it comes to their information. Consent must be explicit when it comes to the use of an individual’s data. That means that if a customer didn’t opt in to a specific kind of information, you have to stop there.
You may be concerned that this will impact your ability to market to your customer base, but consent is paramount. Furthermore, the GDPR gives customers the right to be forgotten—or the right to “data erasure”—which creates another operational process to consider. Ask yourself:
- What data do I have?
- Does it contain any sensitive or personally identifiable information?
- What information is available about that data (e.g., source, type, etc.)?
- Where is the data stored?
- How do we organize that data?
The answers to these questions will be critical to your overall digital strategy. They’ll help you develop a data governance plan to manage risk effectively, comply with regulations, and make agile decisions for your business.
New Challenges Bring New Opportunities
The GDPR represents a burden of compliance, of course, but it also represents an opportunity. With data transforming the world economy, and data analysis becoming a new frontier for creating value, GDPR compliance can boost digital commerce when done right. Increased customer confidence establishes trust and encourages more digital business.
The higher your customers’ confidence in your data security, the likelier they’ll be to share their personal data. But the reverse is also true: customers will avoid companies known to be careless with personal data. Establishing trust through proven data security and targeted value propositions can increase your customer retention.
Take Your Risk Culture Seriously
High-profile, worldwide cybersecurity breaches are becoming a common occurrence. The GDPR requirements are raising cybersecurity levels in an effort to reduce the potential for data loss, operational disruption, and physical damage. They take us a long way toward elevating our reputation and brand awareness, and they give us the opportunity to complement our standard data protection practices with those of privacy and operations.
And that’s where the data protection officer (DPO) comes in. Some companies have had a chief security officer or chief data privacy officer on staff for many years, but the GDPR will make it a requirement that companies appoint a DPO as the single point of contact for interacting with regulators. With stakes this high, the role is at the executive management level—and will go a long way toward creating a risk-aware culture within the enterprise.
Managing Data in a Borderless Economy
Obstacles to operating globally are shrinking, meaning we’re closer to a borderless economy than ever before. The basic big data identifiers—like names, addresses, and various ID numbers that are helpful to your day-to-day business—will soon be highly regulated. You may even be required to “forget” them if you’re doing business with EU customers.
May 2018 is right around the corner, which means the challenges and opportunities of protecting data under the GDPR will be the new reality. Big data can make global interactions seamless, enabling you to stay competitive. At the same time, any business bound by the GDPR will need experienced technology partners with deep subject matter expertise to navigate the disciplines it imposes.