The EU General Data Protection Regulation (GDPR for short) will be enforced from May 25 onwards. It affects any company that accesses or stores information from EU citizens, regardless of where that company is located — which means that organizations around the world must be GDPR compliant or they will face heavy fines.
Here are the four things that any company that wishes to be GDPR-ready must keep in mind:
1. People Are Starting To Consider Data Privacy To Be A Right
Companies like Facebook and Google have been collecting our data for years, but it seems that people are finally starting to challenge the status quo. Recent initiatives by governments to institute stricter regulations, including the “right to be forgotten” and the right for people to know what information a company has on them, show how integral an issue privacy and data collection have become.
It’s not just the 500 million people in the EU who are articulating their concerns over data privacy. A 2016 survey conducted by the Pew Research Center shows that many U.S. citizens also have significant worries about their personal information, finding that 86% of internet users have already taken steps to minimize or conceal their digital footprint — while 61% say they “would like to do more” to protect their privacy online. Younger people are also more likely to pay attention to their online privacy and take measures to protect it. As more people come of age in a digital world, companies must be prepared to meet their privacy demands.
2. Investors Are Taking Notice Of Data Privacy
We’re starting to see that investors are concerned about data privacy — and when you start to see investors become vocal about an issue, it means that many people are already raising the topic. Furthermore, the fact that companies and investors are viewing GDPR as a possible opportunity for investment means that they see it as a trend with long-term implications.
Investors are usually the people who are most plugged into the world, who have the greatest incentives to predict where the world is going. The recent influxes of cash into companies that specialize in compliance and customer data show just how much GDPR has become an investment opportunity.
3. Being Transparent Will Become A Competitive Advantage
When discussing GDPR at a recent conference, many saw it first as a constraint, given the steps that need to be taken and the money spent in order to be compliant. At the same time, others pointed out that the transparency required by GDPR could be transformed into a competitive advantage that would then build confidence between a brand and its consumers.
A report by Gartner notes that most companies are putting their time, effort and resources into responding to the security and privacy requirements of GDPR, and they’re ignoring the possibilities that GDPR opens up for their businesses. Instead, the fact that it requires companies to be accountable makes it an opportunity for them to build stronger relationships with their customers. After all, a customer who knows that their information is protected is likely to have more confidence in the brand itself — and confidence is a competitive advantage. Those companies that market themselves as transparent and receptive to their customers’ needs will be the ones that will benefit most from the GDPR rollout.
4. It’s One Thing To Be GDPR Compliant, But Another To Have A Product That’s GDPR Ready
Many companies are proud to announce that they’re GDPR compliant or that they have a GDPR department internally, but hardly any have considered the impact that GDPR will have on product design. In many ways, this relates back to Gartner’s observation of the reaction to GDPR as defensive, rather than proactive, which in turn probably has a lot to do with the size of the fine (up to 4% of global annual turnover or €20 million) if companies are found to be in violation of the rules.
Nevertheless, although many of the companies I speak to have a GDPR department internally and a process for implementing the necessary changes, very few have thought about the changes that have to be made to their product designs. Staggeringly, most have not even considered the implications for mobile apps and app development. As we move closer to the deadline, companies have to begin thinking about how to make all of their products GDPR-ready — on desktops, as well as mobile.
A lot of people, when they think of GDPR, think of it as a problem. I see it as a challenge — a challenge to restore confidence amongst consumers and investors. These new rules ensure that the EU will be leading the way when it comes to data privacy; it’s up to the rest of the world to decide whether they want to follow.