GDPR: One Year On – is daunting topic and I couldn’t help myself avoid parallels with foretelling what my young sons will grow up to be. In both cases it is impossible to predict what outcomes lie ahead, but whilst I look at the life ahead for my boys with nothing but promise and positivity, I can’t say that I feel as positive about GDPR and Privacy.
GDPR is European but has had an impact globally. It is recognised as the data protection gold standard to be emulated. It is central dialogue for many organisations. Questions are being asked by senior executives about data governance that were never asked before, the DPO roll is increasingly recognised as a strategic post and consumers have a growing awareness of data empowerment. These are things to be celebrated!
Most companies are seeing the economic benefits of being prepared. They experience fewer breaches and therefore less consequences which leads to higher trust with their customers and increased profits. Indeed, many of XConnect’s customers and suppliers have made considerable progress and they value GDPR highly. However, I also observe a very polarised market and worry that GDPR may fail to meet its policy goals of protecting EU citizens because Capital, rather than democracy is dominating the privacy debate.
As a consumer, I do not recognise any shift toward respecting personal agency by Google, Amazon, Facebook, Microsoft. Acquiring vast amounts of personal data has been normalised and my sense is that GDPR, in particular consent management, has legitimised these practices rather than curtailed them. In much the same way, restrictions on 3rd party tracking strengthened leaders positions in display advertising marketsrather than limiting tracking.
Equally, I am left feeling cold about some mobile identity initiatives which will simply service as a means of creating a ubiquitous tracker to deliver predictions and outcomes, furthering the cause of the existing flows of capital into surveillance which GDPR isattempting to curtail. However, whilst the biggest GDPR fines levied still only amount to a few hours of revenue, they are setting precedence.
Some organisations in our market are also still failing to adapt. It’s unclear if they don’t care, see GDPR as a threat or they are just poorly equipped, but GDPR has not made it into their DNA. This will impact these companies, their customers and our industry going forward, so it is important to institutionalise privacy into our sector.
To help build trust in our market we should be investing in certification schemes, such as ISO27001; increasing transparency and helping citizens understand the power and value of their data and meta-data they generate thus leaving them better equipped to exercise their rights effectively.
Finally, it is very refreshing to work with some mobile operators that want to activate their customers personal data in the wider ecosystem with sole intent of protecting their customers. It isn’t about monetising their data, it is about brand building centred on trust.
Trust is a competitive advantage and GDPR has stimulated this. Choosing trust and respect privacy sets your company on a different course that your customers will value. That’s where we’re heading with XConnect and our partners. I hope you’ll join in, but it is up to you.