We are at the dawn of a new era – a tipping point, if you will. This year GDPR became more than a ‘buzzword’. Last month, the first hefty fine was issued to Google by French regulators for failing to comply. As a result, discussion around data privacy and protection has echoed across the globe in all sections of business and society.
What’s more, due to lots of very public data breaches, consumers are now more aware than ever of just how much data they produce – and why they should care about its protection.
GDPR is now enshrined in EU law and there is no “getting around it” – non-compliant organisations will be held accountable. We are entering a new era of data awareness.
Data regulation calls for collaboration
When we surveyed UK companies in April 2018, 56% said that their company’s reputation would suffer as a result of non-compliance with GDPR. At the time, 47% were concerned about revenue loss, and 41% thought their company’s survival was at stake due to potential financial penalties. We can now see that these concerns around the implications of GDPR for business united the C-suite and IT decision makers.
As predicted, the number of data breach notifications has significantly increased. The Information Commissioner’s Office (ICO) reported 367 data breach notifications in April 2018. However, between July and September it highlighted a total of 4,056 notifications. This is a huge increase. Far from highlighting flaws in the system, it reflects a fresh, cautionary approach that makes it less likely for a breach to slip through the net – it means those compliance processes are working.
Businesses are trying. They are grappling with the logistics of data privacy communication. Consumers, on the other hand, are now having to deal with clunky and often irritating online pop-ups, alerting us to our right to ‘opt-out’.
GDPR: getting it right, making it better
This only makes the reputational risks of non-compliance more significant. Big tech firms are paying attention, as the US toys with the creation of a similar regulation. GDPR compliance boils down to competitive advantage – those that want to thrive, not simply survive, in the data-driven world must put consumer data privacy first.
The survey we conducted six months ago found that three in four UK businesses believed GDPR would improve their competitiveness. With increasingly data-savvy consumers, they weren’t wrong. The major data breaches that have been making headlines build into this narrative. Consumers now perceive data breaches with more clarity. They are awake when it comes to data privacy and more aware of their data rights.
Handling this through the adequate management and protection of data wherever it lives, on-premises or in the cloud, is now of the utmost importance for companies.
Google, you have been GDPR’d
Google is the first tech goliath to incur a major GDPR fine since the regulation came into play in May 2018. Its decision to appeal the ruling of the French data watchdog CNIL, which maintains that Google failed to attain adequate consent from users when processing their data for the purpose of personalised advertising, will be watched closely by Big Tech players. As the first challenge to the EU regulation, it will set a precedent for content creators, publishers and tech companies alike.
What makes Google’s case interesting is that it will help to clarify what transparent communication looks like – and ultimately, consensual opt-in. Google claims it has followed regulatory guidance and user testing measures to create the best experience, but ultimately users were presented with catch-all tick boxes. The signal is clear: there can be no vague interpretations of what transparent consent looks like.
Risks and data mapping
Ultimately, explicit consent is essential regardless of perceived risks of losing consumers with increased interactivity. Upfront interaction should be regarded in a positive light. It means building a better relationship with customers, based on trust and understanding. Meanwhile, a business cannot empower users with transparent data privacy opt-ins, if they do not understand how their data is shared.
The pressure is on to pursue highlighted breaches, to rigorously target blatant transgressions and to bring to light what isn’t permissible. This is only the beginning; we cannot work complacently with a box-ticking mentality. Consumers, businesses and technologists must keep a visionary eye on the middle-distance, staying one step ahead of regulatory needs.
Grant Caley, CTO at NetApp