While it is bad form to rely on acronyms, General Data Protection Regulation does not roll smoothly off the tongue and will be referred to as GDPR from now on. In a nutshell, it is a new regulation from the European Commission that replaces the old data protection regulation and will, in equal measure, expand and upset the existing policies. GDPR will come into effect in 2018 but the changes are so radical that smart money should already be preparing for it. It will bring new challenges to some previously lucrative venues of big data revenue by setting new, heavy obligations. Yet, new opportunities will emerge, some of them already visible and others waiting to be discovered by enterprising innovators. Additionally, companies preparing for GDPR in advance will gain a competitive advantage and outperform its competitors in privacy issues.
According to the GDPR all information that is directly or indirectly recognisable is personal information. Recognition can be done through IP-addresses, cookies, or other means. This means that very few companies can continue to claim to process anonymous data or non-recognizable data. Nameless data does not provide immunity from privacy regulation.
The overriding principle behind GDPR is enabling ordinary citizens to control their data profiles, or “digital footprint” within the European Union. For example, a citizen will have the right to monitor her data, extract her data profile and even transfer it to a third party, making the citizen the effective owner of any data collected about her. The citizen will also have the right to be forgotten and delete her digital footprint. Note that this also applies to big data systems, so instead of data anonymization, the system must be able to track which data came from which individual and remove it upon request. It is a complete turn-around on how these systems used to operate.
The citizen will have the right to information in “clear and concise manner”, meaning that she will be able to do effective data searches about her own profile and digital footprint. This is a hurdle overlooked by many but heed this warning: while searching for user-related data patterns and profile details is probably going to be easy in itself, presenting them in a clear and concise manner is anything but. Just ask any public transport user interface designer.
One of the more disruptive features of GDPR will be the right to opt-out. Essentially, data collection on the citizen will always need consent, whether it is about cookies or app metrics. The request for consent will have to be built into the user-flow of these systems and the citizen needs “clear and concise” information on what she would be consenting to. Don’t forget that these systems must still enable the citizen to be forgotten at any point, thus deleting information even after the citizen has consented to its collection. All this will have to be catered for in products and services utilizing data collection, which in the 21st century covers everything.
Many citizen rights go hand-in-hand with company obligations, this time, creating huge challenges to firms’ data processes. In order to effectively fulfill their obligations, companies need to offer consumers easy-to-use means to impact the ways in which data is being processed. Being open and forthcoming about data processes allows companies to earn consumers’ trust and strengthen their brand. This trust will eventually turn into a positive purchase decision.
Because data-driven systems are practically omnipresent today, GDPR takes us to a whole new world in 2018. The whole angle of “immunity due to data anonymization” will be gone, creating a radically different legal and liability environment for public institutions and private enterprises. For the alert consumer, the changes are nothing short of revolutionary. Still, the silent majority has the option of ignoring them and going on as before. Businesses do not have this luxury and 2018 isn’t all that far away. Strategies need to be updated, services re-designed, contracts revised and business plans re-written. Additionally, companies need to create comprehensive paper trail for proving compliancy.
All that is something that Privago can help you with.