Ultimately taking the GDPR seriously and implementing its regime in a structured and effective manner will provide a prize that has, to date, eluded many of the major players online. Trust! Prior to the GDPR, member countries had to work with laws from 28 member countries. This meant that a patchwork of regulations were in play, and companies had to have employees who could grasp the implications of laws across all the countries. Keeping up was difficult, and legal departments costs was running high for serious companies to try to comply with each country’s regulation. On the other hand less serious companies based in one country but doing business in another would make the argument that it didn’t have to obey local online privacy laws.
The GDPR effectively changes this argument by applying it to any business that has customers in any one of the member states. The new law also apply to companies from outside the European Union selling their products and services to European citizens in their respective countries. And if these outside companies don’t comply with the data protection law. They can be fined and their services or merchandise blocked by customs to prevent them from doing business inside Europe until they comply. While citizen’s personal data has been thus far protected by numerous laws across different countries and frankly, its privacy has not been taken seriously. The GDPR will change that. Now, firms will need to take extra care about how they collect, get personal consent, store, and use personal data. Plus, this regulation will actually encourage firms consolidate personal data into a unified platform–so that they are able to easily locate it, anonymize it if needed and report on it.
This is what insurance companies call the golden record or a Customer 360 view. This presents a unique opportunity for businesses to better respond to customer requests, engage with them in the ways they prefer, and ultimately being able to innovate but also comply with the data subjects rights to know how their data is used or if deleted. Avoid bad PR When data is kept behind strong security measures, thieves can’t get to it. And, when thieves can’t get to valuable data, there can be no security breach. No security breach means that there’s no bad PR to be had. Sure, it’s a simple concept, but inconsistent data protection rules across different countries made it harder for companies to be effective in keeping data separated and secured. Now, data can be kept under lock and key because there’s no need to separate it among different servers in an attempt to comply with different regulations. Stopping data breaches before they happen is much less difficult under the GDPR. Ability to report to one agency Investigating a data breach has been a difficult process because each country has its own rules and enforcement agencies to fight cybercrime.
It was difficult to figure out which agency did what, especially when the crime occurred across borders. Each sovereign state had to work with the other and hope that they could meet in the middle. Now, a lead authority in each state has the legal right to take action and to work with local authorities on the matter. It centralizes the reporting process and makes it easier for everyone to work together, no matter what country they’re in. You report to DPA – The European Data Protection Authority. Trust and bottom line These are some of the ways the GDPR is going to benefit businesses. Compliance is never easy, but the changeover to a single set of rules is beneficial to everyone in the long run since there has been too many data breaches compromising consumers the last couple of years.
Implementing Privacy by Design and/or Encryption to obtain GDPR Certification is not only a question about keeping the personal data secure, but by showing the certified logo on your website you build trust between your company and the consumers. At first sight the GDPR just becomes a simple regulatory pressure on companies to do the right thing. But for those who can invest in, and more importantly truly demonstrate, high levels of security, there may well be a greater prize. The possibility of creating an environment in which their customer’s trust is reflected, not just in a warm glow, but in the bottom line as well.