It's out with the old and in with the new in May 2018 as the General Data Protection Regulation (GDPR) replaces the Data Protection Act (DPA). So, what's driving this continuing crackdown on data privacy?
In this, the first of three blogs, I want to examine why GDPR has come about. In blogs two and three, I will look at the steps firms need to take to comply with it and how to get partners on board.
At the heart of GDPR is the massive growth in the personal data that companies hold on individuals, related to both their private and working lives. Consider this: in June 2017 there were 3.8 billion Internet users (over 50% of the world's population), and the number of devices connected to the IoT is anticipated to be 20.4 billion in 2020.
The apps and applications we use for both business and pleasure are constantly collecting data about our location, habits, health, diet and preferences.
Faced with the realisation of exactly how much data companies are collecting, consumers have become understandably twitchy. According to KPMG, 56% of people are "concerned" or "extremely concerned" about the way companies handle and use their personal data.
When you consider the number of high-profile security breaches there have been in the past few years, it is understandable that people are nervous. In the last year alone, Pizza Hut, Yahoo, Equifax, Bupa, Wonga and Three are just some of the companies that have announced security breaches that affected customer data.
And it's not just bad for customers. It's bad for the companies concerned. TalkTalk was fined £400,000, which you might think is bad enough. But the damage to its reputation and business ran into many millions. Under GDPR, the fine could also have been 20 million Euros or 4% of its global turnover.
The reality is that privacy issues are affecting people's buying habits. According to TrustArc, 89% of Brits avoid companies that do not protect their privacy, and a KPMG report states that 55% of consumers surveyed globally said they had decided against buying something online due to privacy concerns.
In a world where the amount of data organisations are collecting is growing exponentially, GDPR aims to provide greater protection for both customers and employees. But the reality is that it makes sound business sense for companies to protect that data anyway – and the introduction of GDPR is an excellent opportunity to ensure that the required processes and procedures are in place.
Bad data management can adversely impact reputation and revenue. The corollary is that great data management can boost business success. 80% of respondents to a Deloitte survey said they would be more likely to purchase from consumer product companies that they believe protect their personal information. In addition, 70% of consumers would be more likely to buy from a consumer product company that was verified by a third party as having the highest standards of data privacy and security.
In summary, the drive for greater data protection and privacy stems from consumers' unease over the amount of data companies are collecting and the way it is used. Consumers want companies to protect and use their data responsibly. And the reality is that it makes good sense, as consumers are more likely to choose to do business with and work for companies they trust with their data.
In this new drive for data privacy, if firms have a clear plan and take action, they have nothing to fear and everything to gain from GDPR.
Next time we'll look at the 10 steps firms need to take to ensure compliance with GDPR.