In just over a week, the European Union will make history by enforcing the most comprehensive personal data privacy regulation to date — the General Data Protection Regulation (GDPR).
As we’ll explore in our upcoming webinar, “GDPR: Is Data Still the New Currency?” this development amounts to more than a regional regulation that affects a select group of organizations. It signals a major shift in how companies must approach the ways they collect, store, and manage personal data. It will also require a rethinking of business models based on monetization of data.
Handling Personal Data: Yesterday vs Today
For decades, companies have functioned in a “Wild West” environment when it comes to how they collect and use personal data. Extracting and storing massive amounts of customer information from every interaction and tossing it into a data lake, “just in case” they ever needed it, was standard procedure. The result: huge data stores that vary widely in terms of data quality, accuracy, and relevance … or that amount to “black boxes” of which no one is quite sure of the contents — essentially creating an unusable “data flood.”
Data managers have known for years about the problems this approach can cause — inefficient use of resources, data overload, multiple sources of truth, etc. — but until now, they’ve had few compelling reasons to change. Sound data management practices were certainly “nice to have,” but implementing them required a larger commitment of time and resources than many companies were willing to make.
For organizations that control and process data on EU residents, GDPR is making those sound data management practices mandatory. Under GDPR, firms must collect only the personal data they need — and show a legitimate interest for doing so — and they must keep a record of all data processing activities. They must also accommodate data subjects’ GDPR-granted rights such as the right to access and the right to erasure. Fulfilling these obligations requires an integrated, well-managed data architecture, and failure to comply could cost you 20 million euros or 4 percent of your annual global revenue.
How the GDPR Is Changing the Game
While earlier regulations (such as the EU’s 1995 Data Protection Directive) simply laid out general recommendations for handling personal data, the GDPR goes considerably further in terms of territorial reach, scope, and enforceability.
GDPR is really about data privacy. Three far-reaching implications of the new regulation are
- Creating a paradigm shift from businesses “owning personal data” to personal data being on loan from the data subject to the business, by granting EU residents specific data privacy rights regarding their personal data (right to erasure, right to request data portability from you to one of your competitors, etc.)
- Nullifying implied consent and replacing it with requirements for explicitly given consent for each specific use of the data, without which the data cannot be kept or used
- Holding data controllers and processors responsible for meeting a series of binding obligations (keeping a record of data processing, showing legitimate reasons for processing personal data, etc.) — and providing the teeth for enforcement
According to Forrester, 48 percent of businesses are commercializing data — sharing or selling their data for revenue. GDPR breaks the business models of these businesses. Much of the information about EU residents currently being collected and stored will be illegally held and will render those businesses subject to steep penalties after May 25.
The Added Benefits of Compliance
While avoiding fines is the most obvious incentive for complying with the GDPR, aligning data management practices with the new requirements can deliver a host of additional benefits. Potential business partners who do business in the EU will look for GDPR compliance as part of their due diligence procedures. Having a single source of truth for customer information enables you to improve your customer experience and streamline internal processes. Culling your data stores will leave your interactions with more active customers, which in turn means cost savings in the form of marketing and data storage costs.
Implementing sound data management also helps you prepare for the personal data regulations that governments around the world — including the United States — are now considering, giving you a competitive advantage over companies who have not been as diligent in their data privacy initiatives.
Returning to the title of this post — Is data still the new currency? — the answer is “it depends.” There is no inherent value in data; rather, the value is in the actionable information. As several commentators have noted, Data + Use = Value. In the age of GDPR and global concerns over privacy, the old way of using data to your organization’s advantage is obsolete. However, in the process of adapting to these changes, you can uncover new and effective ways of using your data to generate business value.
To find out how, join us at our webinar on May 22, where we’ll go into deeper detail about this “new world order” and look at real-world examples of enterprise data management done well. Register now for “GDPR: Is Data Still the New Currency?” to reserve your spot, and we look forward to seeing you there.
Follow Jill Reber on Twitter at @PrimitiveCEO.