Evolving data privacy regulations, like GDPR, pose many different challenges to organizations as they strive to be in compliance. Data assessment is crucial. Being able to understand where your areas of risk are is a logical first step. Updating written policies and data privacy agreements (DPAs) is key, while developing a roadmap towards data governance practices, education and training, and response management all play a role in your readiness plan.
I recently hosted a number of customer roundtables on Data Privacy and these strategies all resounded as key starting points. These sessions are always great. The interaction between like-minded organizations sharing their experiences – their challenges, considerations and concerns on this journey – is beneficial for everyone in the room.
I found that recently more concerns and questions started to bubble up. Many are feeling that data privacy is just the beginning – the real work starts with data governance. An additional concern was how these regulations are somewhat uncharted territory, especially with GDPR – they are complex articles and there’s little or no precedent. Another common concern was the business's ability to react to data subject access request (DSAR) challenges at scale. Will a sub-section of the population attempt to disrupt businesses with erasure and right to be forgotten requests?
In that regard, an article written for Computer Weekly revealed that more than a third (34%) of UK consumers polled plan to exercise their right to be forgotten after the GDPR compliance deadline of May 25th, and 60% plan to question how much data businesses hold on them, while only one in five actually trust an organization with their personal data. If this is any indication of how the broader EU citizenry will react, the potential disruption could be very measurable. On the positive side, the survey did indicate that 58% of respondents believe these steps are positive towards protecting their personal information and 32% felt positive towards how brands will use their information when the regulation is in place. Data privacy regulations can act as a real opportunity for organizations to establish trust with the consumer and utilize their response to data privacy as a positive for building more brand loyalty.
And lastly, many wonder about the negative outcomes around the corner. How will regulators react? Will they show leniency and promote good governance practices over fines? Will they look for a large multi-national that is a “soft target” to make an example of? What if GDPR can be weaponized? In a world where reputation risk, shareholder value and brand value can be impacted (even by an “alleged” wrongdoing) by a single tweet, this might be the interesting story to follow.