5 unexpected consequences of GDPR

We're all breathing a sigh of relief that the recent flood of GDPR-related emails from panicked companies around the world has all but dried up. The EU's new data regulation is here, promising to put individuals back in control of their personal data and harmonize data protection and privacy laws across Europe. But as the dust settles, we anticipate a number of interesting consequences. 

Here are five examples (four good and one not so good) of surprising knock-on effects that the regulation may have on business, technology and society.

Stronger relationships - better data

A 10,000-person online poll conducted by Harris in April found only 20 percent of respondents "completely trust" companies to safeguard their data.

With restored trust in tech, individuals may even want to share more precise data with companies in order to benefit from more personalized products and services in line with their interests and needs. As the the world’s largest steward of enterprise data, IBM is calling on other companies not only to comply with regulation like GDPR, but to put in place deeper principles for data responsibility and trust.

AI within arm's reach

GDPR could be seen as a Marie Kondo for data centres. For many, big data has become a big mess. As a result, data scientists currently spend almost 60 percent of their time organizing and cleaning it before they do anything with it. 

With GDPR forcing companies to find, map and catalogue their data and delete what they don't need, they are effectively laying the foundations for machine learning and artificial intelligence — systems that can analyze data at lightning speed and learn as they go, throwing out the type of insight that they never even imagined possible. 

Reduced capacity to track cybercriminals?

Web domain registration information (including the name, address and contact details of registrants) help cybersecurity experts quickly link malicious domains to cybercriminals, in turn helping them to block million of spam messages from suspicious domains. 

There are reports that, under GDPR, domain registrars are no longer providing easy and rapid access to domain registration details in fear of non-compliance and subsequent fines. As a result, cybersecurity experts are becoming concerned about their ability to effectively track hackers and spammers in the the fight against cybercrime. Regulators and tech experts are working to hammer out a solution asap 

(Image credit: Creative comms)

More advanced encryption technologies

GDPR is forcing companies to ensure the highest possible levels of protection and privacy - from hackers to data processors themselves. Fully homomorphic encryption - akin to sealing and analyzing data in an impenetrable bag - is seen as the Holy Grail of encryption technologies. It's been in development for years but still isn't quite fast enough to be viable; however, recent advances promise to accelerate its commercial availability. 

Companies are already using a new generation of pseudonymization technologies to strip out the most sensitive personal information from data, replacing it with something fake so it can be analyzed and shared while still respecting privacy. For example, the Dutch bank Rabobank is replacing the names of banking customers with the Latin names of flowers before sharing it with software developers for app testing. Necessity is the mother invention 

The rise of 'data trusts'

With data rapidly turning from a company's biggest asset to its biggest potential issue, some businesses may choose not to manage any of their own data. Instead they may 'offshore' it to an expert third-party who can store, process and eventually delete the data in a way consistent with new laws like GDPR. 

These fascinating new entities are called "data trusts" and IBM and MasterCard have set up the industry's first. 'Trūata' promises to manage, anonymize and analyze vast amounts of personal information held by companies such as travel agents and insurers. It's a bit like keeping money in a bank rather than keeping it at home in order to benefit from better security and other value added services - only in this case, the data that's put in the trust isn't pooled and mixed together. 

Overall, despite the effort involved, according to IBM research over 60% of business leaders see GDPR as a blessing in disguise: a way to drive digital transformation across the enterprise and innovate new data-centric business models. IBM's take is that sometimes intense pressure and constraint lead to great innovation and that business leaders should embrace the regulation - they may be surprised by some of the benefits. 

Richard Hogg is IBM's GDPR Evangelist.

Richard Hogg

Richard Hogg is the Global Information Governance Director at White & Case LLP with 15+ years global experience across InfoGov, Analytics, eDiscovery & ECM, he’s consulted the last 4 years with heavily-regulated clients worldwide on their Privacy-readiness journeys across GDPR, CCPA etc.
Previous GDPR Evangelist at IBM, CTO at Info1st, CCO Tarian Software.
He’s a Frequent Speaker annually on GDPR & InfoGov across AIIM, ARMA, MER, LegalTech, Insight, World of Watson, DataSummit, DataWorks, CGOC, InfoGovCon, IPBA, ILTA, IAPP and Think.