Covering Disruptive Technology Powering Business in The Digital Age

Home > Archives > Opportunities from the GDPR
Opportunities from the GDPR
July 25, 2016

The need for tighter personal data regulation was pressing and an international accord on data access, sharing and storage has been a long time coming. These days personal data is a massive economic commodity and has, by some, been passed around between companies like a stolen bottle of whiskey at a student party, each enjoying the benefits of its intoxicating nectar. This has been the norm for as long as the internet has collected data and it was about time a robust legislation was proposed. These times, thankfully, have come to an end for those dealing within the EU and when the new regulations come into full effect the party for those ill-prepared will be over.

We can all mention a few companies that have benefitted to date from the loosely defined data regulations. Because of the over use and unethical practices by some (and I reiterate by some), customer trust has been eroded to record lows. The loss of millions of personal records not just once but on a regular basis has led to the incentive to now shore up these leaks and put the onus back on those who maintain the databases to tighten security and regulate it better. These changes will come about with new laws which in essence give people greater control over their own personal data and how it can be used.

The General Data Protection and Regulation (GDPR) laws will come into effect on May 28th 2018 after a two year transition period starting 27th April 2016. They will consist of changes in personal data laws and only those companies that have planned for them will benefit from their constraints. This being said more opportunities will also arise for those who manage to take advantage of the new possibilities.

In summary there will be two new proposals. They are the GDPR which gives better control over personal data and the Data Protection Directive, aimed at protecting data in the police and criminal justice sector, including information on crime victims, witnesses and suspects. Based on the text of these new laws some companies have issued warnings on the end of data driven innovation and company profitability. For some who aren’t prepared to change their practices this may be true and according to recent research on the matter most companies have no immediate plan to implement adequate change. Companies that hold and process customer data will be forced to adhere to much tighter audits and will have to store and collect it with ‘unambiguous’ (as opposed to an earlier draft of the proposal that said ‘explicit’ consent) customer consent if they wish to process it in any way. Failure to notify the data protection commissioner or affected individuals of a data breach, for example, will be an offense under the new laws. For those that are found to break these new rules fines of up to 4% of their annual revenue or other such severe implications will shackle the boardroom agenda. Under GDPR laws individuals can seek compensation for ‘non-material’ damage arising from a breach of their data. ‘Power to the people’, one might shout

So where are the opportunities? A recent survey on Irish companies found that 63% of businesses intend to spend more on their IT security over the next 12 months. It has been suggested though that instead of companies dishing out extraordinary amounts of cash on the latest technologies most would benefit more from just getting the basics right.

Transparency will be the key to survival post GDPR. Companies that show open policy on all things data will be able to build customer trust and loyalty. Some companies will hire a Chief Data Officer (CDO) at a senior level within the organisation thinking they will help maintain their compliance and save them from any expensive mistakes. This may not be the case though. Any company that thinks their new CDO or IT department is all they need may have to rethink as the new regulations sit firmly in the legal sphere. There aren’t that many CDO’s or heads of IT adept in the intricacies of legal fine print. Due to this, new opportunities in legal data consultancy and management will arise possibly creating a Legal Data Officer (LDO).  Watch this space.

The onward march of innovation through start-ups should crowd this space too. How soon before there is a need for a standard, approved and legally binding piece of software that will automatically delete sensitive data completely from a data base when a specific timeframe? There might come a time when consumers won’t sign up to data sharing unless there is a corporate ‘delete my data’ button explicit in all T&C’s.

In an extreme move it’s also possible that due to increasing data maintenance costs websites and apps will actually push the governance and regulatory legalities back onto the consumer and force them to maintain their own personal data, allowing only short periods of time when companies can access, process and gain insights from it before returning control fully back to the consumer. Who will write this protocol? This is possibly a future no one is contemplating yet: The citizen CDO.

So although these new laws will constrict how data is being used within the EU there will be plenty of opportunities to fill the void created by them. The laws will change the data industry but with all changes phoenixes will emerge from the ashes of those left behind. Opportunities are there for those who can take them.

Niall Wynne