GDPR – Impending Calamity, or Opportunity?
Some of the communications that surround the EU’s General Data Protection Regulation have been very negative. From where I am positioned as an Information Security professional in the UK, however, I see a number of positives. Is it a calamity or an opportunity? It is my belief that GDPR offers a golden opportunity to businesses and data professionals. Here’s why.
To start with, let me give you my over-the-water-cooler version of what GDPR represents and the essence of the regulation. GDPR is the European Union’s data protection law that comes into force in May 2018 and affects any organisation holding EU citizens’ personal data.
The EU law proposes greater rights to the person whose data is held, and greater responsibility for the organisation that holds that personal data. In the event of a breach of the law, significant fines can be levelled by the Information Commissioner’s Office (ICO). As you can guess, that is where the fear factor creeps in.
Brexit, what Brexit?
Brexit has given plenty of opportunities to debate all aspects of the UK’s involvement in the European Union, which was not the case before the referendum. Our cultures and laws are intertwined, many for good reason because, in my opinion, they make absolute sense.
Theresa May has played the middle ground on many aspects of the UK’s exit from the EU. One thing she has stated, albeit conjecture at this point, is that most EU laws will be carried across for the short to medium term, some permanently. To totally unravel almost 45 years of legislation, and re-engineer that legislation, will be close to impossible. GDPR is a law that is very likely to prevail for years beyond Brexit.
The lure of personal data
So now that we have established the likelihood of GDPR playing a significant role in the life of businesses in the UK and across the globe for some time to come, what does it mean for those with data responsibilities? The single biggest draw for the cyber criminal is personal data. You could argue that other forms of data attract, but ultimately it is personal credentials that are the key. We are used to providing our personal information. Even if we stopped the practice today, it’s too late - our digital footprint is everywhere.
Opting out of social networking, online shopping and even online charitable giving is impractical if you want to live in this digital world. So, unfortunately, our personal data is there to be stolen, sold, or traded and we have very little say in the matter. The current law is a little flaky, the commitment by the online market is distracted, guidelines for industry are imperfect, and rarely enforced. Anything that addresses this state of affairs in a positive manner, GDPR for example, is in my view a great step forward for businesses and their customers.
How can more regulation be good for business?
So why would the imposition of a stringent regulation be good for your business if it’s going to take time, and cost more money to apply and administer? The common objection I have heard is that “it’s an EU regulation and we are leaving the EU.” The answer is really straightforward. GDPR comes into effect before the UK leaves and we will still be dealing with EU members. The genuine answer in my book is that GDPR makes perfect sense, and improves buying power!
Customers rule the market; they have a choice when it comes to buying goods and services online. All of us generally buy goods or services online for factors other than price and brand, vital though these are. Simplicity is another key factor in the buying decision. For an example you need look no further than Amazon and PayPal: they introduced one-click buying and we trust them. However, history is littered with failed endeavours because they could not maintain buyer trust.
The power of assurance
We all know it is important to hold customers’ safety and prosperity very close and dear to your corporate heart, offer reassurance and breed confidence. It’s why we all shop at certain stores over and over again. Why we book our holidays with particular companies and why we bank with particular banks.
My mother’s normal positive feedback regarding dining out is, “the toilets were nice and clean”. She believes that if a business takes care with the toilet facilities, they care about their customers and I can’t argue with that logic. It’s a simple indication of buying power. A feeling that a supplier of goods and services sees you as an individual will have your Tearoom full, while others wonder why theirs is not.
Any organisation that complies with GDPR is showing that their facilities are nice and clean, and that they value their customers.
So can GDPR be a good thing?
There are organisations with whom we have entrusted our data and who have historically felt it is their right to use our personal information for gain, and it is they who will suffer the most. These companies will, in my opinion, gradually disappear from the landscape, particularly as all responsible organisations will embrace GDPR.
So, given the amount of press and web space currently being sprayed around like digital graffiti espousing the impending doom of the GDPR, will the world come to an end on the 25th of May 2018?
The simple answer is no. However, I will pose a counter question. Can GDPR usher in positives and be a good thing for your business? I personally think, absolutely yes. First and foremost, understand the commitment based on the complexity of your business. Then embrace GDPR, plan for it, execute it well and you will be perfectly placed to attract new customers because buyers will embrace what GDPR gives them, and that is control, clarity and assurance.
Wayne Jolly