Do you have colleagues who see data protection regulations as a chore? Something to ignore as long as possible and then reluctantly follow only because they have to? If privacy and data protection are seen as an annoyance, perhaps we are looking through the wrong end of the telescope.
We have seen an interesting change in attitudes in some organisations – they’ve decided that privacy and data protection, if implemented correctly, can have a positive impact on their business. By embracing a culture of commitment to data protection, employees treat their customers better, they understand the value of data, and the company finds it easier to conform to the regulations. This can have positive payoffs for the business as well, since customers want to do business with companies they trust, and one of the major trust points today is data protection.
Sadly, there are many reminders of the problems of getting it wrong. An organisation, IT Governance, has tallied the admissions of data loss in 2016, and the total comes in at a whopping 3.1 billion records. Listed by month, it makes sobering reading.
IDC have recently predicted that “In the next 18 months, 85% of consumers will defect because their PII is impacted in a security breach”. Data breaches can impact many parts of the business and have a long lifespan – an example of the total losses to a company is available here. The current delay and valuation drop in the Yahoo!/Verizon deal is in part due to the two massive data loss incidents, demonstrating the wide scope of problems that poor data protection can deliver.
The need to keep customers informed, the fact that they may be the first to know, and the demands of regulators that data breaches must be made public all put power in the customer’s hands. And in today’s world, with social media at their disposal, customers can gain broad attention. Are you ready for data breaches made public at night or at weekends? Smart criminals will attack when they think your defenses are at their weakest, and this could also mean that the news is being partly written by your customers on social media. Be prepared to respond 24/7, both technically and with your public statements ready.
The European Union’s General Data Protection Regulation (GDPR) is due to come into force in May 2018, and this is perhaps the most comprehensive privacy regulation globally. It is also a global law, as it covers not only businesses based in the EU but any business worldwide that has data on anyone living in the EU – that’s over 500 million people. To be clear, if someone from the EU enters their details into your company’s web site, you are subject to this law.
The GDPR was published around a year ago, but since then there have been further clarifications published. Based on this latest set of updates, we have updated our set of advice and guidance on GDPR. The eBook is now 50% longer than last year and includes more references, with sections on how to set up your team, how to implement your GDPR action plan, and a long series of frequently asked questions. If we all follow these best practices, the world will be a safer one for our data, customers will trust their suppliers more, and business will grow.