Since the passing of the European General Data Protection Regulation (GDPR) two years ago, you will certainly have noticed the incessant assault of pop-ups on every web page you view asking after your personal data preferences. Although a source of irritation while scrolling through websites online, something that the lockdown has undoubtedly brought to the fore, it serves as a useful reminder that we should all think more carefully about who we grant permission to use or view our data.
As nations across the world have been vehemently tracking the spread of the current pandemic, the conversation around privacy has inevitably taken centre stage. For example, Brave has suggested that too many business are flouting the regulation without incurring fines, meanwhile others are pushing for laws to be relaxed further to allow companies to utilise personal data to fight the pandemic. With more of the population working from home than ever before, there is inevitable increased data risk, meaning that the conversation around GDPR has never been more pertinent. Regulators have been issuing guidance on the legality of new technology used for COVID-19 contact tracing, suggesting it's time to ask if the rules around GDPR should be changed and if it has actually been at all effective over the last two years?
Impact of COVID-19 on regulation
Consumers globally have been more willing to share their personal data with organisations and governments in the face of the pandemic, in an effort to ‘do their bit’ to help track the spread of the virus. When given a choice between privacy and health, most will choose health, and if given a good purpose for giving away personal data, consumers will tend to do so. This is often referred to as the data-value exchange. This can be seen in countries including Israel, South Korea, Singapore and Taiwan who have been quickly implementing technology using data from smartphones for the likes of contact tracing and quarantine control. However, without a regulation similar to GDPR in these countries, concerns have been raised that some of the data collected is so detailed that individual people can be identified from it and privacy abuses will follow.
Unfortunately, this choice between privacy and health is a false one, as we all can and should enjoy both privacy and health without negatively affecting efforts to tackle the pandemic. The tools, technology and processes that have been put in place to deliver GDPR compliance as a defensive programme can be leveraged by businesses as a competitive offence for faster innovation and better business analytics, to help mitigate the effects of the pandemic. The companies that have already invested in a data governance and privacy strategy in compliance with the GDPR are positioned to share their anonymised data insights and collaborate with others on critical projects.
It's not all doom and gloom
Currently, not all organisations have a robust data governance, data privacy or data management strategy in place. Many see implementing extra technology as a cost. But, the technology deployed for GDPR compliance can also help to implement a robust data management strategy, as well as with achieving compliance. Thinking about these technologies as a balancing act between increasing risk and cost, and more exposure for new opportunities to a business, has led many to differentiate and innovate at a slower pace, taking more time than they need to undergo digital transformation and implement a robust data strategy that accelerates value creation.
It has never been easier to utilise technology to support organisations in automating a good data management strategy. Five years ago, if you wanted to carry out an data audit of your sensitive information, it was often a manual, laborious and time-consuming process. But today, with AI and metadata-driven discovery tools available that can catalogue this data quickly and automatically, the process is much quicker, despite working with larger, globally dispersed and more fragmented data sets. With AI-based discovery tools deployed, businesses can help ensure they always have access to the most up to date, relevant information to support high quality decisions to drive revenue generation with lower risk of abuse.
At a time when businesses have access to more data about their customers than ever before, an important element of being an ethical, trustworthy organisation, is how carefully and responsibly it manages that data exposure, in line with privacy policies. Smart business leaders know that they don’t own the customer data they collect - they are responsible stewards of it! By keeping it safe and only using it for permitted purposes that align to customer instructions, organisations can win customer trust, preserve loyalty—and in turn, create better customer experiences and business outcomes, all from actively complying to the GDPR.
Although inconsistent in its enforcement, companies would be better positioned to adapt and adopt a strong data governance strategy in compliance with GDPR for the advantages it can bring, instead of looking to avoid it. After all, it’s raised awareness around the risks associated with our data, and in turn, caused us to think about how we use our data more. At a time of global crisis, GDPR can be utilised not only for innovation, but it serves to remind us that we have a choice over our own privacy and in a far more comprehensive sense than the limited options presented to us in the next webpage notification pop-up.
Author: Greg Hanson, VP EMEA and LATAM, Informatica