When it comes to regulations surrounding data privacy and data governance in the US, the policy books have remained relatively empty. For the most part, whatever data a company can collect about their users belongs to the company.
With citizens of the EU, however, it’s a different story.
Members of the European Commission have taken several proactive measures to ensure the rights of their constituents’ data inside and outside of EU borders. This includes the Safe Harbor Agreement, the General Data Protection Directive and the Privacy Shield.
But step aside, extant data privacy regulation. Here comes GDPR.
GDPR, or the General Data Protection Regulation, will be replacing the current General Data Protection Directive in May 2018. This new collection of regulations will instate stringent regulations to protect the rights of data subjects and their personal information.
And it doesn’t just apply to EU businesses.
Any organization that collects data from EU citizens will be required to comply with GDPR regulations or forfeit the right to gather user data in the European Union. Companies will be required to demonstrate that they provide the necessary safeguards to data privacy.
And GDPR has provisions to allow EU citizens to enact legal action in countries outside of the EU in situations of infringement of data privacy or rights.
It’s a pretty big deal.
Are you ready?
Getting your company ready for the May 2018 implementation will be a challenge.
Studies done by Dell reveal that “[n]early 70 percent of respondents say their organization is definitely not or don’t know if their organization is prepared for GDPR today, and only three percent of these have a plan for readiness.”
Many companies don’t know how to answer questions such as:
- What is the process of reporting a data breach to a supervisory authority?
- How does pseudonymous data fit into GDPR’s regulations?
- Will companies participating in Privacy Shield be in compliance with GDPR?
These questions are important items to consider when structuring a data governance initiative. While data governance to protect the privacy of data subjects has always been a concern, it is especially the case now.
Data Governance and the Customer Experience
“Organizations need to focus on data governance not just because of the legal ramifications but the effect that leakage and security events have on the brand itself. As an industry we owe it to end customers to be transparent and ethical with data, ensuring that what is collected and known is used for the purposes of better experiences for those end customers. The precursors to massive change in our space are clear. Now we as an industry need to adapt before we are forced to.”
The way that a user’s data is used is integral to the customer experience, and not just when it comes to personalization and A/B testing. Customers like to know that if they submit data, that data is used responsibly.
GDPR is a reflection of a public that desires accountability on the part of data collectors and processors.
How do your customers feel about giving you their personal information? What effect does that have on your brand? Is your business suffering because your data governance strategy leaves customers feeling digitally vulnerable?
You need a data governance strategy that not only complies with the necessary requirements for participation in all markets, but also fosters a customer-centric, data-driven product or service.
- The current state of data governance in the industry
- The impact of current and future rulings on short-term projects
- 5 high-level areas of focus to prepare your business for upcoming regulations
To learn more about data governance in the looming shadow of the GDPR, along with additional actionable best practices from experienced analytics thought leaders, watch the 2016 Analytics Summit.
About the AuthorLinkedIn More Content by Jack Vawdrey