The General Data Protection Regulation (GDPR) deadline is fast approaching and has been one of the most hotly discussed topics in years.
On a tactical level, GDPR raises important questions that enterprises must be able to answer, for instance: What personal data do I hold? Do I have specific consent, and have I registered any objections? Am I upholding the rights of the data subject?
The bigger picture, however, is that GDPR is simply a flashpoint in a growing shift of customer perception: today’s customer believes that “trust in my data” is as important as, if not potentially more important than, the “quality of the product”. Violating customer trust—no matter how good your product—could prove catastrophic.
Therefore, enterprises must see this moment as an opportunity to develop a well-rounded, intelligent and automated approach to data governance and compliance—the basics of an infrastructure that breeds customer trust.
The importance of consent, data governance and data cataloging
One of the most significant challenges facing organisations ahead of GDPR is associating given consent to a specific individual in a holistic manner.
A large proportion of organisations store personal data on individuals scattered around their business, sitting in siloes, or have different ways of identifying the same individual across systems and processes. It is hard to get a complete view of individuals across all their relationships (customer, employee) and interactions with an organisation.
This complexity means that enforcing data governance – or retaining oversight over who is accessing data, and why – as well as data cataloguing – or having a single, coherent, and comprehensive view over your data – can be really demanding.
Previously, data structuring was just an internal IT problem. Not anymore. Following GDPR, unless organisations can argue for another lawful basis for collecting, processing, using and sharing data, individual data subjects may have the right to refuse certain aspects of usage. Should data subjects not actively provide consent, an organisation could potentially no longer have access to information that could be crucial to its operations. This means that getting control of your data, knowing who is using it, how, and why, is more important than ever.
As industries undergoing data-driven digital transformations develop new, smarter ways to leverage customer data for advancing products and services, the risk of organisations falling foul of the GDPR and abusing the trust of the very customers they are working to serve escalates. An example is the data generated using physical tracking, which under GDPR could well be considered personal data.
Physical tracking data – a concern under GDPR?
Telecommunications, automotive and home automation companies, amongst others, have ever increasing amounts of data which can be used to identify individual patterns of movement.
Today’s automotive industry has access to large quantities of physical tracking data created from the relationships between car journeys, drivers and passengers. While the data can be used to improve services for customers, any personal data that is created could create direct negative effects for individuals, for example, if telematics data from cars is mined to inform insurance premium rates.
Utility companies also have access to data which can be used to identify a data subject’s patterns of movement. Smart meters and home automation have opened up transformative levels of value generation for the customer and service provider, but in the wrong hands could invite harm to households by highlighting the occupier’s short or long-term absences. In the telco industry, mobile phone records can be easily mined to identify personal relationships and preferences in digital services.
Additionally, for those organisations that have considered monetising the physical tracking data they capture by selling it to third parties, the GDPR will help them to carefully consider the lawful basis for processing data subjects’ personal data and whether it can be processed for creating new revenue streams.
The importance of respecting personal data
Organisations that collect personal data for one purpose must be aware of their responsibilities in managing the data under GDPR. More importantly, they should also understand that individuals are becoming increasingly aware of the use of personal data.
All organisations must work with their customers to build trust and openness about how personal data is used. For organisations, this means building a single view of an individual – to better allow an individual to take control of their data, and for organisations to respect rights and consents of data subjects.
Organisations across all industries that lead the way in demonstrating responsible management of personal data should benefit from a competitive advantage in attracting and retaining customers in our increasingly digital world. Those who do not heed the requirements outlined in GDPR risk much more than a fine from a regulator – they risk their credibility as an organisation that can be trusted to operate in the digital economy.
Sourced by Monica McDonnell, Solutions Consultant, EMEA at Informatica