We’re 15 months away from the GDPR changing your life forever. GDP who? You may not have heard much about the General Data Protection Regulation (GDPR for short), but I can assure you that many CIOs are already losing sleep over this acronym. And some CFOs and even CEOs along with them.
In order to help organizations become and remain compliant with the GDPR, SAS organized an insight session earlier this week. We had a talk with Kalliopi Spyridaki, chief privacy strategist Europe at SAS, about the main concerns around GDPR, but also about the opportunities arising from this legislation.
What is the GDPR exactly?
Kalliopi Spyridaki: “The GDPR is a European regulation that strengthens the protection of our personal data and takes firm action against those organizations that violate our privacy. The GDPR, on the one hand, strengthens our rights as consumers to, for example, access our personal data that an organization holds, request to move them to another (competing) organization, and to delete them altogether (the so-called 'right to be forgotten'). On the other hand, with the GDPR every organization becomes accountable for the protection of our personal data. This includes security measures against data breaches and related obligations in case a breach occurs, e.g. the need to quickly take appropriate measures to mitigate the risks, including alerting all persons involved as well as the competent authorities. Organizations that do not comply with the law may be fined up to 4% of their annual global turnover.”
Does the GDPR really offer new opportunities? Mostly we hear about the GDPR in the context of threats and associated costs.
Kalliopi Spyridaki: “The GDPR may at first seem a menacing sword of Damocles for each enterprise working with customer data (and don’t they all?). But I would argue that the GDPR creates unique business opportunities for companies to become more competitive, offers unprecedented innovation potential by being a new market driver and gives an incentive to holistically review a company’s data strategy with all the advantages that this can bring in today’s data economy.”
“There are already numerous examples of innovation inspired by the GDPR. For instance, in order to overcome the issue of the need to obtain consent in order to use personal data for the purposes of monitoring individuals’ shopping behavior within a store, an analytics company has created smart floors which only analyze footsteps. With impressive accuracy, they can derive basic demographic information on the owner of the footstep (e.g. gender, age, economic status) and then provide insights into e.g. the gender or number of consumers that have visited the store or the reaction of individuals to a particular advertisement that was displayed in the store. This is just one of many examples of how a company can deal creatively with the need to find the right balance between understanding customers and respecting their privacy.”
Interesting new market! Can you see other positive consequences of the GDPR?
Kalliopi Spyridaki: “The GDPR also provides opportunities for companies to present themselves as privacy ambassadors instead of seeing privacy as a necessary evil. A large dose of transparency plays a major role here: the more you communicate with your customers about what you do with their data, the higher the chance that they will allow you to process their data because they trust you. Transparency is a win-win for both consumers and organizations.”
We even heard you call the GDPR a strategic opportunity for every organization. Can you explain why?
Kalliopi Spyridaki: “Simple: the considerable effort required from companies in order to be GDPR 'compliant' - i.e. identify exactly what data about what people are located where and protect them accordingly - is also useful in order to get a better understanding of the data that an organization holds. That is all data and not just personal data. The GDPR creates an incentive for companies to reassess their data strategies and to consider more robust data management and data governance policies for all their data. Data insights can then be used as a basis for strategic decisions, so that your business strategy is based on statistics rather than the so-called 'gut feeling'. Research has shown that 'calculating' companies perform better on average than comparable companies that rely on their 'gut feeling'.”
“The GDPR is, admittedly, quite a challenge to be handled by each organization by next year when the law comes into force, but also in the years to come as GDPR compliance is not a one-off exercise. But if you have done your homework, why limit yourself to just being "compliant": some great opportunities are up for grabs. Are you ready to tackle this new challenge?”