Why tell customers about their personal data? Just because GDPR says so?
27/01/2017 | Written by: Rob Langhorst
Categorized: General Data Protection Regulation (GDPR) | Security
Transparency is one of the key parts of the European Union’s General Data Protection Regulation (GDPR) with which companies must comply by May 25, 2018. Personally I find this very surprising. I’m not talking about the fact that under this new legislation, individuals gain the right to know what personal data an organization has collected about them, and what it’s used for. What amazes me is that we do in fact need regulation for this at all. Shouldn’t transparency be there by default? And why would I mind my data being used, if it’s clear that this is being done for my benefit and with due diligence?
Let’s take a look at a few examples. Modern cars collect all kinds of data about where we drive, the way we drive and how fast we drive. Alarming? Maybe, but if I know that the car company is only using this information to optimize the maintenance of my car and doesn’t share it with others, I don’t have an issue. The same goes for the temperature control system in my house. I think it’s great that my power utility wants to help me cut back on my monthly energy bill, but I wouldn’t be amused if that data were stolen and used to work out when the house is empty so it can be cleared out while I’m on vacation.
What we learn from all this is that taking good care of personal data basically implies three things. First, transparency is essential: make clear what data you’re holding as an organization and why you’re doing it. Second, you need to guard this information appropriately so that your customers, clients, patients or citizens can feel secure. And last but not least: you must interact with them on an individual level and tell them what you are doing with their data, why this is beneficial for them and how you’re looking after it. This way, they will be far more willing to give their consent for using it, for example as a marketing tool. Note that under GDPR that consent has to be freely given, specific, informed and unambiguous, so implied or assumed consent does not count. In essence this is what GDPR requires companies to do from 2018 onward.
So what should you focus on in your own efforts to prepare for GDPR over the coming year?
In my opinion there are five areas of attention you need to assess:
- Governance – Determine how you can embed GDPR into processes, norms and values. What measures need to be taken, are they effective and how can you improve on them?
- People and communication – Train your employees to put those norms and values into practice. They need to understand the risks and impact of handling personal data and how to protect it.
- Processes – Take a look at your processes: how will GDPR influence them, what’s the impact and how will you implement the required changes?
- Data – Assess what data you have and what you’re using it for, and consider how to interact with individual customers, clients, patients or citizens. This is crucial in order to offer the transparency and gain the trust that I was referring to earlier. By doing this you will also prepare for GDPR from a business point of view. Setting up a Customer Interaction Center (CIC) can help you do this.
- Security – Secure the data with measures appropriate to the risk, which is what GDPR’s security requirement (Article 32) asks for: network segmentation and firewalls, encryption of data at rest and in transit, access control, and logging and monitoring of who uses the data and how. These measures reduce the chance of a leak, help you detect one quickly (GDPR requires notifying the supervisory authority within 72 hours of becoming aware of a breach), and also help to build trust.
Rob Langhorst, European GDPR Offering Leader, IBM The Netherlands
Note: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.