Are you a GDPR Ostrich ?
Do you know what, I get it.
The GDPR (General Data Protection Regulation.)
Its a bandwagon that every consulting company and their mother has jumped on.
“It’s ok, we are a small company they won’t bother coming after us.”
“It’s all hype. We’re based in the US, President Trump will not let those Europeans prosecute us. He’ll protect us.”
“It’s not actually that bad, they are just making it out to be bad so that they can earn money from people. It’s like the Millennium bug, something and nothing.”
“We are just going to wait and see what happens.”
When it comes to talking to businesses about the GDPR, I have heared all of these statements and many more. The list of reasons businesses bring up for why they are not going to do anything to become compliant is truly eye watering.
However I understand it.
I understand in some regards where they are coming from.
Yes it is true that every consulting company and their mother have jumped onto GDPR as a means of bringing in more income. And yes it’s true that some consultants working in the field are less than qualified.
However there is also the viewpoint that if, IF, every consulting company and their mother has jumped onto GDPR, may be, just may be, they have a point.
May be, this GDPR thing IS something that you need to pay attention to.
May be this GDPR thing, is a seed change in how the European Union is going to start treating companies who make use of its citizens data.
“The Belgian Commission for the Protection of Privacy announced it may administer penalties to the creators of apps that can listen for the TV programs a user may be watching. Research conducted by The New York Times found numerous apps use software from the company Alphonso to determine what programs users watch. While the company claims its software can distinguish the sounds coming from a TV, the margin for error could also result in the apps collecting private conversations. The regulator said it could start administering fines once the EU General Data Protection Regulation comes into effect in May.”
Telecompaper 5th Jan 2018
Now, one response to this article is ‘Jeez, I didn’t know they could do that.’ And that is partly the point of the GDPR. Our data collection and analytics capabilities are now so advanced that it is impinging on our fundamental Human Rights, and it is from these fundamental rights that the right to protection of personal data comes.
The other point to take away, is that national Privacy Commissioners are indicating, publicly, that they WILL go after data uses that previously they were unable to. Be that novel collection, in the case of listening to your TV. Or working collaboratively with other counties to understand and prosecute the global giants like Facebook.
The GDPR is just the start of a series of pieces of legislation focused on the corporate use of citizens data. The GDPR comes into force on May 25th of this year, together with the new European E Privacy regulations. Businesses who continue to do a very poor impression of an Ostrich will find themselves under the unwelcome spotlight of the regulator very quickly, and that’s sure to ruffle some feathers.