GDPR and Beyond

How the world of data privacy is changing. May 2018 will be remembered for two important dates: the Royal Wedding and today – 25th May – marking the introduction of the EU’s General Data Protection Regulation (GDPR).

It’s been nearly a decade in the making. GDPR’s aim is to enshrine the principle of “informed consent” in law – in other words, the idea that every individual should have more control over what personal data is being collected about them, why it is being collected, and be able to correct or erase data held about them.

As companies around the world scramble to become “GDPR compliant”, the teams at Hazy and Adapt have been closely following the discussion – and the blizzard of in-bound Privacy Policy updates. On the dawn of day one, this is our reflection on GDPR and beyond.

The approach that most companies seem to be taking is to think of GDPR as a compliance issue: “what’s the minimum we need to do in order to maintain our customer base and keep out of the courts?” Some companies (the ones that already practiced “informed consent”) are simply putting their approach into clear and transparent language. Others seem to have decided to hide how they use customers’ data (they’re the ones referring to “updated terms of service” agreements, and offering an option to tick an acceptance box without having to read the Terms of Service or Privacy Policy).

Everyone is worried about losing customers – time will tell how big the impact will really be. And don’t forget, following the introduction of the GDPR, the cost of falling foul of its regulations has dramatically increased. With fines of up to €20m or 4% of turnover (whichever is greater) companies have quite rightly started to take notice of their responsibility and improve their data practices.

We also shouldn’t lose sight of the GDPR’s positive agenda. It will create harmonisation and standardisation in data protection regulation across the EU, and that should create more common understanding – with clear benefits for the free flow of trade. Indeed, in today’s digitally connected world, international trade is nothing without the free flow of data, too.

And the bigger picture? We think people are becoming much more aware of their rights, and of companies’ duties to uphold those rights. Who owns, controls, and benefits from data is becoming one of the most important policy issues of our time.

We’ll be candid: Hazy and Adapt share the belief that privacy is paramount (underpinned by transparency between companies and their customers). So you won’t be surprised that we counsel companies to embrace the principles behind GDPR – that data should be collected in a way that respects individual rights, openly explain how it will be used, and promotes the many benefits to customers and companies.

But improving practices may be easier said than done. Ever since the first pop-up ad was served online, companies have raced to collect as much data about their users as possible. New technologies are enabling different data sets to be combined very easily (unlike offline data sets) and then to be processed, analysed and combined with other data to produce highly individualised profiles of users. Valuable stuff.

Meanwhile, as well as fuelling growth, and shaping the products and services that make our everyday lives easier, data has the power to solve problems that were previously insurmountable. For example, Google Waze shares crowdsourced data with local governments around the world, revolutionising traffic management.

So, is there a missed opportunity in all this GDPR noise? It goes without saying that the immediate challenge for every business, large or small, is to ensure they are collecting, using and storing data in a responsible way. But in becoming GDPR compliant, can businesses seize the opportunity to rethink their relationship with data?

We believe that by focusing on how the customer benefits from their data, and creating an informed customer data journey, the full potential of data can be unlocked. This can benefit a company as it develops new products and services, and benefit the world at large as they share data insights for public good.

In this new world – of GDPR and beyond – we’re looking forward to helping companies combine the best technical and policy solutions to build trust with their users and create value for the company and wider society.

Learn more about Adapt here »

Subscribe to our newsletter

For the latest news and insights