GDPR – So what’s in an acronym? Or to be correct an Initialism!
GDPR – General Data Protection Regulation
There is a tonne of information on the internet and on various websites about how the EU General Data Protection Regulation GDPR will affect almost all organisations, from 25th May 2018, who gather information from anyone residing in the EU, irrespective of the size of the organisation.
There are of course two ways of looking at GDPR – firstly from the consumers side and secondly from the company holding the consumers data.
I think there are two concerns here from the consumer side.
The first one relates to data gathering history. As a consumer myself (as of course we all are!) I would be most interested in the personal data held by organisations I’ve interacted with over the years but have long since ceased to buy or interact with. In this case, where is my data? Who has access? And what are you doing with it?
In the other case, if I am buying a service or product currently from an organisation, I will want to know that the data they gather on me is relevant to the products and services I’m interested in. so long as they can explain this in a clear manner and I can see the benefits of providing personal information to improve my experience with them – then I have no problem with the data they want to gather from me.
GDPR – It should be a two way street!
A partnership between the supplier and the customer (consumer) to the benefit of both parties.
Here in lies the challenge. There is nothing the consumer can do to ensure the data they provide is protected once it’s within the supplier’s infrastructure. However, conversely there is everything the supplier can do to protect the consumer data within their infrastructure.
I think that GDPR offers huge benefits for organisations (suppliers) who have taken steps to ensure their customer (consumer) data is as secure as it can ever be. Controlling access to their employees and continually reviewing that access is key – a mature Identity & Access Management program goes a long way to providing data access integrity, for both the consumers (all of us) and the suppliers providing the services and products.