Born from a desire by companies and the various governments of the European Union to harmonize and strengthen the rules relating to the protection of personal data, the General Data Protection Regulation (GDPR) will be the new reference text in force from May 25, 2018.
The GDPR implies many changes
Whether it is on the technical (“security by design”), organizational (appointment of a data protection officer), procedural (collection of “explicit” and “positive” consent from the user) or financial aspects (with financial penalties that can reach up to 4% of the annual global turnover or 20M euros), the implementation of the GDPR within companies will present many challenges.
But it is also a source of opportunities in terms of customer relations, data capitalization, relations with service providers and the fight against piracy.
All the changes imposed by the regulation converge to “give citizens back control of their personal data”. And in doing so, it will push companies to get closer to their customers’ needs and serve them better, thus strengthening their customer relationships by putting the customer at the center of the business.
The regulation will require companies to map in detail both the data they have and the processes they carry out. This is the stimulus that many companies have been waiting for to finally launch the great project of taking back control of their data. In an increasingly data-driven and customer-centric economy, this data is an important source of wealth and the state of play imposed by the GDPR will allow companies to take advantage of a capital that is still untapped for many of them.
Another major development is the co-responsibility in the data processing chain. Thus, the subcontractors will be liable in the same way as their partners in case of breach. These shared obligations will establish a chain of trust between the various stakeholders and will also raise the level of confidentiality and security of market players.
Beneficial to individuals but also to companies
The efforts required from data controllers regarding data security with the implementation of their encryption, pseudomization and anonymization, will also benefit companies by preparing them to prevent the risks of hacking and data leakage increasingly important.
GDPR is an opportunity for companies to regain control over their data, improve the quality of their customer relationships and establish a true chain of trust with their providers and partners. The efforts made for GDPR compliance are an investment whose ROI will have to be measured.