As technology continues to rapidly evolve, it’s clear that the world at large is still trying to keep up.
While businesses are expected to drive innovation through technology such as artificial intelligence and virtual reality, the same can’t be said for the UK’s data protection laws, as they struggle to implement the right privacy laws to match the explosion of technology that surrounds our daily lives.
That is all about to change with the introduction of the General Data Protection Regulation (GDPR), the new UK and European law governing data protection.
Not only will this law change the way that the UK and EU countries need to handle data and respond to potential breaches, but companies across the world will also need to comply.
Recently, Facebook had to ensure that the data it had collected on EU citizens wasn’t being misused in the US. The ruling resulted in US firms scrambling to get their data agreements in order and ensure the safe sharing of data.
This is just one example of where GDPR is already changing the way businesses across the world are thinking, marking the start of a truly global digital transformation.
Why GDPR matters
Although GDPR came into force on 24 May 2016, and with just over 18 months until the law’s grace period ends on 25 May 2018, there’s still an alarming amount of uncertainty among businesses over what they need to do.
Extraterritorial in nature, it will affect any organisation providing goods and services of any kind to EU residents, regardless of whether or not the business is situated within the EU.
The new regulations will give consumers and employees unprecedented rights over their personal data. People will have the opportunity to peer deep into the systems and processes of service providers and find out how they store, use and share their personal data.
Companies must provide this information within a month, and if the individual changes their mind over what data should be stored, the business must oblige unless there’s a good reason not to.
Failure to comply with GDPR can result in all manner of disasters – the most significant infringement will be a fine of either 4% of global revenue or €20m, whichever is larger.
In addition, any business that experiences a data breach will be required to notify the Regulator within 72 hours – and a breach alone can destroy reputations and erode public trust.
Although the laws of GDPR come from the EU, businesses across the world will almost certainly apply it to their own strategy, thus beginning a digital metamorphosis.
Once the first complies, competitors will fall over one another to offer the same level of data protection and transparency to their customers. In short, there are a number of factors which indicate GDPR could be a catalyst for a much larger global transformation.
Firstly, the extraterritorial nature of the regulation means that any international company serving EU residents will have to comply.
As the scope and nature of GDPR begins to filter its way into the mainstream media, it’s not surprising that commentators as far afield as Australia and Singapore have hit the headlines with their views on the local impact of these new regulations.
And if the local experts are discussing it, then local businesses will more than likely be considering their next course of action.
The second driving factor is changing consumer expectations. With the advent of social media, public trends and concerns can spread across the world overnight.
Naturally, GDPR gives individuals far more rights than before – sometimes more than the businesses themselves – and this shifts the balance of power.
As consumers learn to flex their new-found privacy muscles, it will be impossible to ring fence raised expectations of better protection and transparency simply within UK and EU boundaries.
The third factor is the global nature of trade in both goods and services, and the cross-border operations of many digital businesses.
For those organisations where the EU is just one part of a global footprint, maintaining EU alongside non-EU variants of processes would be highly challenging if not impossible. It’s likely that many will seek to make all activities GDPR-compliant across every market.
What has become clear in the lead up to GDPR is that businesses cannot afford to leave such important decisions to the IT director – the C-suite is where the buck really stops.
The world’s agenda can change overnight and rather than relying on technology solutions, businesses need to incorporate data protection into their strategy, structure and company culture.
It’s a task that no department can take on singlehandedly – everyone in the organisation has a role to play.
Alongside the strategic organisational transformation, companies will require tools that are built from the ground up to incorporate the principles of data protection and privacy by design.
However, this doesn’t necessarily mean a rip and replace of existing infrastructure. Solutions that are flexible and adaptable will be required, to allow businesses to evolve and adapt as this next wave of digital transformation arrives.
GDPR will force businesses to shed light on the data they store and how they use it, potentially for the very first time.
This in turn will spark the first wave of companies designed specifically to protect data and make processes transparent – and in today’s interconnected, digital-first world, it’s difficult to imagine that this approach will be EU-exclusive.
Of course, new regulations will always trigger a cultural shift in the business world. But GDPR will be one of the first to become truly global.
Sourced from Simon Loopuit, CEO, trust-hub