Post-GDPR world: Any change for the better? May 15, 2019
With May 25, 2019 just around the corner, businesses around the globe may remember this date with mixed emotions. You might recall that last year on this day the sweeping European Union’s General Data Protection Regulation (GDPR) came into effect and changed how the privacy industry functioned.
GDPR: all set to turn one-year-old
As we edge closer to the first anniversary of the GDPR’s implementation, the feverish rush to become GDPR compliant that took over the world of business has relatively calmed down. Whether this is because organizations and consumers were previously bombarded constantly with GDPR-related content or because the revised privacy policies are settling in, the GDPR no longer grabs headlines as it did a year ago.
GDPR compliance: Still a distant reality
During my recent interaction with an online privacy expert, I was interested to learn that the industry feels the GDPR has not been entirely successful in addressing all the issues. Although the first anniversary of its implementation is about to arrive, the world of post-GDPR business is filled with anxiety. Believe it or not, a large number of organizations are still not GDPR compliant. A recent report released by the GDPR and e-privacy compliance firm Cookiebot stated that 89% of EU government websites are not yet GDPR compliant.
A recently published Forrester study, “Security Through Simplicity,” commissioned by Microsoft, shares a similar view, stating that over 40% of the surveyed companies had failed to comply with the GDPR.
Keeping in mind that data breaches are growing at a steady pace, non-compliant enterprises can only hope that they never find themselves on the wrong side of the GDPR.
GDPR inspired data privacy laws across the globe
Since the GDPR came into effect, legislators globally have been inspired to push their ‘own’ data protection laws. In countries like the US, Brazil, China, and Chile, data privacy is being legislated, which indicates that the “GDPR standard” is here to stay.
From the California Consumer Privacy Act of 2018 (CCPA) to Brazil’s Data Protection Bill of Law and China’s Internet Security Law, the GDPR has set the tone with stricter penalties and ground-breaking policies.
In Brazil, the general data protection law that is scheduled to come into effect in February 2020 bears a considerable resemblance to the GDPR in essential areas such as consent, the definition of personal information, and transparency. Recently, Malaysia announced it would bring its privacy law in line with the GDPR.
Although many of the upcoming countries’ regulations will borrow significantly from the GDPR, they will also differ considerably from each other. The much-talked-about CCPA, scheduled to come into effect early next year, emphasizes the purchasing and selling of personal data instead of the GDPR’s broader approach of personal data processing. Also, the CCPA does not follow the GDPR’s stringent “specific, informed, unambiguous and freely-given” consent standard and requires only an opt-out for customers.
Among the other countries that are expected to join the ranks with privacy regulations are Bahrain, Hong Kong, Monaco, Switzerland, Uruguay, and Israel.
Tips for businesses in handling the post-GDPR complexities
While countries across the globe steadily realize the relevance of data privacy, businesses must adapt to the post-GDPR world, because non-compliance penalties are huge and stringent data privacy rules are likely to become the norm soon.
Last year, research by Talend found that approximately 70% of organizations globally failed to answer requests from individuals for a copy of their personal information within the one-month limit defined in the GDPR.
Also, no business, irrespective of its size and shape, would want to incur non-compliance penalties of €20 million or 4% of annual global turnover. I feel that in the coming days, compliance with the GDPR will gain momentum, and in that way organizations will be equipped to handle the post-GDPR world more easily.
Here are some tips that will come in handy for organizations striving to manage post-GDPR situations without trouble.
1. Audit your customer database quarterly, and be sure to address and answer the following questions:
- Has every individual in the customer database shared their consent?
- What is your organization’s reason for storing customer data? Are you using it to support your business objectives?
- Have you removed all customers from the database who have chosen to unsubscribe or opted for no data sharing?
2. Maintain data harmony across different departments.
- Develop a comprehensive data strategy that emphasizes the customers’ rights to access.
- Identify a data integration platform that can extract data from your present systems, including shared data and vendors’ systems, and that shows you clearly which data can be read.
- Implement consistent data extraction to meet the GDPR rules effectively. Your organization will benefit by looking at the GDPR as a viable opportunity to grow your business and present yourselves as a trustworthy partner for customers.
3. Include a “right to be forgotten” capability in your data strategy so that your business remains compliant in practice.
4. Automate processes
If your organization equips its staff, especially those in service and sales, with an appropriate data management tool, customers will be instantly notified about requested and necessary actions taken. Proactive notification proves to be a win-win for the customers and the company. When organizations offer customers a hassle-free experience, it tends to bring customers back again and again.
The parting words
As we inch closer toward the GDPR’s first-anniversary mark, your business should embed a privacy culture deep within and throughout your operations and processes—data privacy acts are here to stay. Openly consider the possible perks of complying with the GDPR: enhanced accountability, better data governance, strengthened record-keeping, on-time audits, maintained data-protection protocols, and stronger relationships with your customers. It is understandable to view the GDPR as a tough nut to crack that demands extra cost and effort, but in the long run the hard work will pave the way for enhanced customer trust, which is priceless.
Taking into account that the world of business is becoming increasingly competitive, your business should aim to rise above the fray by building a robust security culture, implementing data protection, and promptly adopting a data privacy regulation like the GDPR.
I will repeat it once again—become GDPR-compliant even if you think your business doesn’t need to. Reason? Whether you like it or not, and whether you think about it every day or not, the GDPR has set the stage for global data privacy, and in the coming days the role of these regulations will only increase. Countries are taking the cue from the GDPR and arriving at their own data privacy acts (don’t forget that the CCPA was inspired by the GDPR and will come into effect on Jan 1, 2020). If your business is GDPR noncompliant and you are under the impression you can operate on par with your competitors, I would recommend you brace yourself for a rude awakening.