Are you aware of the forthcoming European Union (EU) GDPR legislation coming into effect from May 2018? GDPR stands for General Data Protection Regulation, and it is the first time that the EU has completely reviewed data protection in over 20 years. The last review was back in the early days of the Internet, and therefore GDPR aims to bring together all the fragmented laws from around Europe to create a consistent, clear policy on how data can be used.
The main intention of this review is to fight cyber crime. Security is more critical for companies and citizens than ever before. We need to reduce or eliminate risk wherever possible. Companies are collecting more and more data on their customers and yet there are some big risks associated with this:
- $575bn was lost last year due to cyber crime;
- The average cost of a data breach is $6.5mn;
- Data breaches are getting more common. In the 2013-2015 period, they increased 43% compared to the previous 3
GDPR really sets a new benchmark for the way that companies in Europe can use personal data. In particular, there is an explicit confirmation that customers own their own data – so companies need to be very careful to ensure they comply with all regulations when collecting and storing data.
This PwC report nicely summarises the top five aspects of legal responsibilities that executives need to be aware of. Once GDPR takes effect, companies wanting to use customers’ personal data must:
- Ask them for consent or the permission to use personal data.
- Disclose how data will be used and who will have access to it (data access).
- Enable data portability to allow customers to transfer their personal data between organisations.
- Guarantee the “right to be forgotten”, or the deletion of customers’ personal data on demand.
- Apply “data protection by design”, i.e. technologies guaranteeing the security of personal data.
I think there are several areas where some companies might struggle to be compliant with these new regulations:
Consent: companies will no longer be able to hide behind long and unreadable terms and conditions. It needs to be clear if you want to store customer data and you will need to state why and get consent from the customer without fooling them into clicking an ‘agree’ button.
Right to Access: individuals have the right to know if any data is being stored related to them and ask what is being stored, why, and how it is being used.
Data Erasure: individuals have the right to be completely forgotten by companies who stored their data, AND this applies to third-party companies that work with the one storing the data.
It is a sweeping set of changes that affect any company storing information on their customers – which is pretty much every company today.
Last year the Teleperformance CX Lab found that over 70% of customers will move, or try to move, from a company that has placed their data at risk through a breach. We have been studying the implications of GDPR for a long time now because we interact with over 40% of the entire population of the planet when you add together all the customers of our clients that we engage with.
We are ready for GDPR today. How ready is your business?