Generic
Why tell customers about their personal data? Just because GDPR says so?
27/01/2017 | Written by: Rob Langhorst
Categorized: Generic
Share this post:
Transparency is one of the key parts of the European Union’s General Data Protection Regulation (GDPR) with which companies must comply by May 25, 2018. Personally I find this very surprising. I’m not talking about the fact that under this new legislation, individuals gain the right to know what personal data an organization has collected about them, and what it’s used for. What amazes me is that we do in fact need regulation for this at all. Shouldn’t transparency be there by default? And why would I mind my data being used, if it’s clear that this is being done for my benefit and with due diligence?
Let’s take a look at a few examples. Modern cars collect all kinds of data about where we drive, the way we drive and how fast we drive. Alarming? Maybe, but if I know that the car company is only using this information to optimize the maintenance of my car and doesn’t share it with others, I don’t have an issue. The same goes for the temperature control system in my house. I think it’s great that my power utility wants to help me cut back on my monthly energy bill, but I wouldn’t be amused if my data was hacked with the intention of clearing out my house while I’m on vacation.
What we learn from all this, is that taking good care of personal data basically implies three things. First, transparency is essential: make clear what data you’re holding as an organization and why you’re doing it. Second, you need to appropriately guard this information to make your customers, clients, patients or citizens feel secure. And last but not least: you must interact with them on an individual level and tell them what you are doing with their data, why this is beneficial for them and how you’re looking after it. This way, they will happily grant their consent for using it as a marketing tool, implicitly or explicitly. In essence this is what GDPR requires companies to do from 2018 onward.
So what should you focus on in your own efforts to prepare for GDPR over the coming year?
In my opinion there are five areas of attention you need to assess:
- Governance – Determine how you can embed GDPR into processes, norms and values. What measures need to be taken, are they effective and how can you improve on them?
- People and communication – Train your employees in living your norms and values. They need to know the risks and impact of using and protecting private data.
- Processes – Take a look at your processes: how will GDPR influence them, what’s the impact and how to implement the required changes?
- Data – Assess what data you have and what you’re using it for, and consider how to interact with individual customers, clients, patients or citizens. This is crucial in order to offer the transparency and gain the trust that I was referring to earlier. By doing this you will also prepare for GDPR from a business point of view. Setting up a Customer Interaction Center (CIC) can help you do this.
- Security – Secure your data in every way possible. Implementing firewalls, using encryption, monitoring data usage, etc. can prevent leakage and will also help to build trust.
Rob Langhorst, European GDPR Offering Leader, IBM The Netherlands
IBM nominated as ICT service supplier – Computable Awards 2017
Privacy issues are changing and the new legislation is leading. In May 2018, the new GDPR legislation will become effective, with new requirements for processing and processing personal data. IBM is one of the largest data processors and has acquired the necessary knowledge with previous privacy laws. It has resulted in a GDPR-specific architecture framework that IBM offers as a service. The main purpose of the GDPR assessment is a roadmap that prepares an organization for this GDPR legislation and to test risk factors in the organization of the client.
The complete jury report (in Dutch)
Vote for ICT service supplier of the year – IBM – Computable Awards 2017!
Note: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsibility for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.
European GDPR Offering Leader, IBM The Netherlands
Is regulation enabling or hindering innovation in the financial services industry?
Anne Leslie, Cloud Risk & Controls Leader Europe, IBM Cloud for Financial Services Europe’s financial services sector is in the throes of wide scale digital transformation – a transition being accelerated by the growing adoption of digital solutions and services to help keep up with the demands of digitally savvy consumers. While there can be […]
The Digital Operational Resilience Act for Financial Services: Harmonised rules, broader scope of application
The Digital Operational Resilience Act – what and why As part of the European Commission’s Digital Finance Package, the new Digital Operational Resilience Act, or in short DORA, will come into force in the coming period. The aim of DORA is to establish uniform requirements across the EU that improve the cybersecurity and operational resilience […]
Banking on empathy
Suppose you’re owning a small boutique wine shop and have gone through two difficult years because of the Covid-19 pandemic. As the pandemic seems to be on its way back, it is time to revitalize the shop. And this causes direct a huge challenge: the wine stock needs to be replenished but you have used […]