With consumer data privacy becoming a top priority in the current age, regulating authorities have jumped into the conundrum to ensure that users get the privacy they need for their personal data. One such regulatory authority that has come into the mix to ensure rights for all users online is the European Union. The EU announced the General Data Protection Regulation or GDPR, that will be in full effect by May of this year. Although GDPR may be considered a regional regulation, its impact is far=flung and may be seen across the globe in the coming days.
While GDPR imposes regulations on many aspects of management and user protection, the main clause of the regulation is that users will now be able to control their own personal data online and organizations will be required to protect the data that users share with them. New protection methods for personally identifiable information or PII gives every EU citizen the right to approve the use of their personal data. Citizens can now allow the use of their data or can opt for the “right to be forgotten” as an alternative.
The enforcement of the GDPR by the EU will be done through the implementation of a series of sanctions, stiff fines, and compensations. These fines and compensations will range from to two percent of an organization’s revenue or 10 million Euros for minor infractions to four percent of an organization’s revenue or 20 million Euros for major infractions. The amount will be settled on the basis of whichever of the two figures is higher. The regulations haven’t been imposed just for organizations based in the EU, but will also be applied to any organization doing business with EU citizens, regardless of the industry it operates in and its size.
While complying with GDPR regulations is definitely a challenge for all organizations currently operating with EU citizens, success would lie in seeing these new regulations as an opportunity to achieve competitive differentiation rather than just a barrier or a challenge. This presents an exemplary opportunity for organizations to drive digital trust for their brands and ensure that they not only comply with these regulations, but also end up making a mark for themselves in this competitive environment.
Take organizations like Google, Apple and Microsoft etc. Consumer confidence has always been important for these organizations and they have always operated within law to get customer consent for using their data. This has allowed major corporations to stand out and gain a unique selling point that differentiates them from the others.
Some organizations have stored tons of customer data for which they did not acquire written consent. This means the data cannot be used for the purpose of analysis after the end of May 2018.
Data management platforms (DMP) are instrumental for digital marketers. These platforms help marketers find high value audience to advertise their products and services. Most of this data is collected by third parties and used by marketers. However, with the general data protection regulation taking effect from May, DMPs will have a difficult time to obtain third party data.
Data collectors are likely to face more legal obligations under GDPR, leaving DMPs to rely more on first and second party data. Use of 3rd party data should be reviewed depending on new GDPR regulations.
Most organizations will have to revert back to the core architecture on how they collect and manage customer data. Businesses would need to switch to a flexible, agile & compliant architecture to manage & analyse real time (customer behavior) data.
Businesses will need to re-organize the strategy on how to segment their audience if their ability to collect data is limited. While this limitation presents new challenges, it also brings new opportunities for businesses.
Each business will have to find their own way of dealing with the changes in regulation and we are likely to see creative ways to improve the customer experience to get in return the customer’s data.
Furthermore, business will need to provide improved security features to their give consumers. By giving their users the right over their own data, as suggested by the GDPR, these organizations can assuage the concerns of the customers regarding data theft.
By cashing into this opportunity, you will not only comply with the EU regulations proposed through GDPR, but will also create a unique identity for your brand.
About the Authors
For over 15 years, Bob Nieme has been a Digital Transparency protagonist, being the most essential condition for long term relationships based on trust and mutual interest.In 2014 Bob was recognized as a Privacy by Design Ambassador by the Information and Privacy Commissioner of Ontario, Canada and in 2013 he was admitted to the Advisory Board of the Department of Mathematics and Computer Science of Eindhoven University of Technology. As a Data Science Ambassador, he initiates and supports various start-ups and education programs. Bob Nieme founded 3 leading data-technology companies: Adversitement specializes in data process management, O2MC I/O offers a prescriptive web computing framework, and Datastreams.io empowers data-driven collaboration by providing governed access to trusted data sources.
Ronald van Loon
Ronald van Loon is, Director at Adversitement, an Advisory Board Member and Big Data & Analytics course advisor for Simplilearn. He contributes his expertise towards the rapid growth of Simplilearn’s popular Big Data & Analytics category.