GDPR From a BC Perspective
Lyndon Bird, Chair of DRI’s Future Vision Committee
Today sees the launch of the European Union's (EU) flagship legislation – the General Data Protection Regulation (GDPR). The consequences of GDPR and data privacy in general are discussed in the DRI Trends and Predictions Reports for 2018. Copies can be downloaded here.
Why is GDPR different?
GDPR is likely to cause some trepidation in many boardrooms not only inside the EU but also well beyond its borders. In fact, any firm that holds any data on any EU citizen is likely to be covered by this regulation. This extension of the territorial scope is just one of several factors that make GDPR a very ambitious regulation. Here are some others:
While a different breed of regulation, GDPR shouldn’t have taken anyone by surprise. This regulation was developed over several years and has replaced earlier data protection directives. Since publication, firms have had two years to prepare for it.
Did they? Not quite. Prevailing opinion suggests that some 50 percent of EU-based firms are not yet fully compliant. Outside of the EU, it is likely that most organizations are still at the beginning of their journey towards implementation. Given the complex nature of GDPR, even those who have been implementing the necessary compliance measures for a long while still might fall short.
Beyond normal compliance concerns, there is a significant political dimension at play here. The global growth and influence of companies such as Facebook and Google have been extremely challenging to governments. Their popularity among the general public is high, but a critical weakness they share is their questionable ability to protect our private data – which, under GDPR, becomes less of a security concern and more an individual privacy issue. It is no coincidence that Facebook recently faced harsh challenges from both the U.S. and UK governments over how it shared client data for political analysis and voter targeting.
In short, GDPR has issued a fundamental challenge to corporates. It has redefined the ownership of personal data given to companies for specific purposes, such as purchasing a product or service. It changes the rights of the organization to trade that data or use it without permission. And it’s not a regulation that can be ignored.