GDPR - businesses are waking up but are we?

25th May 2018 - it's just over a year until the General Data Protection Regulations come into force. From this point on, organisations who provide products or services to EU citizens will need to abide by the new rules (regardless of where they are based) or face the rather scary consequences.

I'm not going to talk about the Principles or Rights here (attend one of the events run by any good data specialist consultancy if you don't know about them yet). What I am going to do here is think about how 'consumers' could react once the rules come into force.

Firstly, do people even care about data protection regulations?
You can look in any newspaper and read stories of data breaches, lost laptops, hacks and so on to get an idea of the possible level of knowledge. Everyone who is even a little bit savvy about modern business practices will know that sometimes their data could be lost or stolen.

However, how many people actually react to these events? Were you one of the Yahoo hack victims? Do you even know if you were affected?

Chances are, most people will not always realise that they could be affected, nor do they realise what the impacts could actually be.

For example, how many people actually go and change their passwords after a hack? How many take their business elsewhere to a provider who hasn't been hacked?


A cursory glance at the Talk Talk story shows that the damage from their hack was £60m and the loss of 101,000 customers. However, they ended that year with profits up £15m. Not too shabby!

Simply put (admittedly using this one example), people don't seem bothered enough with these kinds of issues to completely lose trust in a brand. However, this could change with GDPR.

In future, organisations will need to alert affected individuals within 72 hours of a breach. They're clearly going to need to be better at it than today.

It's also likely that media coverage is going to be boosted by the new potential fines - if the first organisation to be hit with the eye-watering 4% fine is a big brand, expect front page news.

If it's a smaller organisation, then the noise may not be as loud; however, I still believe that the damage to the reputation of a brand with customers and other stakeholders (be they shareholders, voters or donors) could be critical.

We're moving into a world where people will have ownership of their own data. Where that isn't the case, people are fighting for that control (see the latest net neutrality arguments in the USA for an example). It's simply not acceptable for organisations to do what they will with the personal data of someone without clear permission and the right levels of security and care.

People may not be fully aware of their new rights yet - there's plenty going on across Europe to keep them occupied right now - but at some point soon, we're going to see an organisation irreparably damaged by a personal data problem. It may admittedly take a slow news day to help.

So? Well, it's pretty simple:

Organisations - get ready for GDPR. If you're not confident that you're even DPA compliant today, you need to get a move on. GDPR will demand more from you than ever before and you have no excuse to claim ignorance.

People - understand your rights and how they will change. Don't be afraid to take your business elsewhere if you don't believe your data will be safe. Demand information on how a business will keep your data protected - pressure organisations to be more transparent with you. Above all, if someone does mess things up, change your passwords, close your account and go elsewhere.
