Monitor with the lock of GDPR Compliance

The General Data Protection Regulation (GDPR) is coming to the European Union and it’s not to be trifled with. Hypothetical fines of up to 20 million euros to companies who neglect to do their part to help the people of the EU gain back control over their data spell out how important compliance is not just to success, but survival. From a business perspective, getting ahead of the potential far-reaching consequences is obviously critical. It doesn’t have to be impossible, though.

Checks and Balances… and Stock Prices

For starters, the 25 May 2018 date on which it will be enacted is the culmination of a two-year transition period that began in 2016. As such, it should be pointed out that this development is far from a reaction to the recent data misuse and privacy scandal surrounding American cyber behemoth Facebook. Despite involving Facebook, the outrage technically originated over the Atlantic with British consulting firm Cambridge Analytica allegedly impacting the United Kingdom’s Brexit vote (and the American 2016 presidential election) by leveraging the platform.

In other words, this legislation could not come any sooner. There is a clear need for checks and balances to keep the best interests of the consumer at heart. As Facebook is discovering firsthand after the fact, trying to find some way to address the issue only once one of the worst-case scenarios has come to fruition, it’s also in companies’ best interests. Facebook stock has seen better days, with the resulting #DeleteFacebook movement gaining more and more steam.

The point is organizations who didn’t see this coming only have themselves to blame, as they’ve had ample time to make necessary adjustments. These adjustments include educating staff and getting buy-in, making required hires, and undergoing internal audits to ensure compliance.

Compliance in this case is largely synonymous with acquiring consumer consent to process their data. Out are long-winded terms and conditions. Consent must be given via forms written in clear and concise language and must be just as easy to withdraw. The relationship between consumer and company will be made all the more transparent, effectively through reports on demand documenting how customers’ data is used. If an EU citizen/resident makes a request, the company in question will have to make the information accessible and report it to them accurately.

The Benefits of Big Data

Data is obviously a powerful thing. When used properly, it can help a firm drive product development and improve relationships with customers in one fell swoop. For example, in relation to quality-control solutions-provider GlobalVision’s product offering, mining data pertaining to the packaging you produce can help minimize waste and optimize internal processes. Leverageable data doesn’t necessarily have to come from consumers or infringe on their privacy to connect with them.

As argued by GlobalVision Director of Technology Jonathan Hou, “You could capture data from packaging and print suppliers to help identify areas of improvement or pick top performers in your supply chain. Helping find the source of errors will help in reducing reprints.”

Meanwhile, smart labels and packaging work the other way and let consumers themselves pull data about a given product to better assess whether it meets their needs. So, data, in and of itself, is far from the problem. It’s when the data in question and the trust between the two parties are abused that problems start to surface. In that sense, what GDPR is setting out to accomplish, acting as a watchdog to ensure companies toe the line and stay on the side of ethical compliance, is for the best.

Putting the “PR” in GDPR

The word “compliance” often gets a bad reputation because conforming runs counter to individualism. People want to be able to make their own decisions, and conforming often runs counter to free will. Unfortunately, as the ongoing Cambridge Analytica saga attests, free will is consistently at risk of being manipulated in this day and age. When compliance is being asked of multinational corporations and not of the people they are supposed to cater to, it’s often a good thing.

Data integrity starts with data security. The GDPR looks to guarantee both, stating that, “the controller and the processor [of data] shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including… the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.” – Art. 32(1)(b).

Furthermore, the data that is gathered shall be “limited to what is necessary in relation to the purposes for which they are processed.” – Art. 5(1)(c). That doesn’t necessarily have to do with security, but it does with integrity, both with regard to data and the motivations behind its collection.

In principle, no one can argue with the merits of the argument. In practice, it’s just a question of whether the GDPR will be adequately enforced once 25 May rolls around. If it is, there should be no question as to its effectiveness in taking steps in the right direction. For companies looking at life after the legislation comes into effect, those first steps are always difficult, but it presumably gets easier. At least it should, after they try walking a mile in their customers’ shoes.