The age of digital transformation is well underway; companies of all sizes and all shapes are looking to deliver an omnichannel offering for their customers. What will be the key to success? Data.
The value of data is well established at this point. Any business worth its salt is collecting more and more of it in the hope of monetising it down the line, whether through marketing, through efficiency gains, by selling it directly, or through a combination of all of the above. Data has become a valuable commodity in itself, and as with anything considered valuable it needs to be protected from the less honest elements of society.
If businesses have only just now got to grips with data, the same can certainly be said of government. If it was a race to keep up with the pace of change in the way business is done, government has been uncomfortably puffing and wheezing in a struggle to keep up. But in the EU's General Data Protection Regulation (GDPR), it seems government has got something of a second wind. With formal adoption this Spring and enforcement beginning in May 2018, the GDPR will strengthen and unify data protection and, more importantly, data privacy for individuals within the EU. Now it is the turn of business to react and make sure that they are treating the data they have been greedily gathering with care.
What is the GDPR?
Current data protection rules in the EU rely on the Data Protection Directive passed in 1995, when the World Wide Web was only a few years old, there was no Google or Facebook, and cloud computing and thumb drives meant nothing to anyone (floppy disk, anyone?). Moreover, it was only a directive, so it was left to individual member states to decide how to implement it in national law. The result is that data protection in Europe today is a patchwork, and an outdated one at that.
The GDPR seeks to rectify this and guarantee privacy rights. It focuses on reinforcing individuals' rights, strengthening the EU internal market, ensuring stronger enforcement of the rules, streamlining international transfers of personal data and setting global data protection standards. Any company that offers goods or services to individuals in the EU, or monitors their behaviour, falls within the scope of the GDPR regardless of whether the company is established in the EU or uses equipment located there.
The changes will give people more control over their personal data and make it easier to access it. It is designed to make sure that every individual’s personal information is protected – no matter where it is sent, processed or stored – even outside the EU.
The new rules address this through:
· A "right to be forgotten": When an individual no longer wants her/his data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted. This is about protecting the privacy of individuals, not about erasing past events or restricting freedom of the press.
· Easier access to one's data: Individuals will have more information on how their data is processed and this information should be available in a clear and understandable way. A right to data portability will make it easier for individuals to transmit personal data between service providers.
· The right to know when one's data has been hacked: Companies and organisations must notify the national supervisory authority of data breaches that put individuals at risk (without undue delay, and where feasible within 72 hours of becoming aware of the breach) and must communicate high-risk breaches to the affected data subjects without undue delay, so that users can take appropriate measures.
· Data protection by design and by default: ‘Data protection by design’ and ‘Data protection by default’ are now essential elements in EU data protection rules. Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm – for example on social networks or mobile apps.
· Stronger enforcement of the rules: data protection authorities will be able to fine companies that do not comply with EU rules up to 4% of their worldwide annual turnover or €20m, whichever is higher.
When the GDPR is adopted this year, it will apply directly in all 28 EU member states without the need for national implementing legislation. There will be a two-year transition phase during which EU citizens will be advised of their rights and companies of their obligations.
The big implications for business
The last of those bullets is the one that should have CEOs, CSOs, CIOs and the rest of the board sitting up and taking notice. If as a business you have ever struggled to put a value on data, the downside is now set out in black and white. And that does not even take into account the cost of potentially irreparable reputational damage. In spite of this, a recent survey has shown that just one in five businesses is confident of achieving GDPR compliance.
Compliance will be a key driver of IT spend in business over the next two years. Anyone buying software that cannot support compliance will end up with redundant technology. Buyers will want a guarantee that their suppliers understand and comply with the GDPR.
The other reason to start audits and preparations immediately is the far reaching effects of GDPR on partner networks and customers.
On the partner front, companies will need to ensure that the personal information of any individual can be deleted simply and easily across partner software packages that share the same data, and in any organisation to which they have passed user data on. They will also need to ensure that they can give individuals easy access to their data, in a structured, commonly used and machine-readable format, from any and every part of the partner software landscape.
From an end customer perspective, buyers will expect confirmation that any new product or service has been developed with privacy-protective settings switched on by default. Software that leaves users to configure their own security and privacy protections will become very hard to sell.
The time to act is now
As the rest of the business continues to assert the value of collecting data, it is little surprise that GDPR compliance is making IT pros nervous. However, the job is not theirs alone: it is for everyone in the market as a whole to make 'security as standard' their priority. The accelerated move to digital transformation only compounds the need for urgency. Smart organisations are already educating themselves, determining which of their data is affected and where it is held, and reviewing their partner contracts and procedures as a matter of urgency.
By Mark Armstrong, VP and MD EMEA at Progress