BankThink

GDPR mandates data protection that should have been there all along

The new General Data Protection Regulation has gone into effect. If your company does any business in Europe, chances are you’ve already jumped through all the hoops of GDPR compliance.

There are many predictions about what GDPR will mean for businesses and consumers around the world. Some predict it will create a better internet because, as New York magazine points out, “websites and apps now need to make it very clear that they want to harvest your data and why — e.g., ‘so we can target ads more efficiently’ or ‘to sell it to third parties’ — and they need to make it easy for users to say no.”

Others predict that it will benefit big companies like Facebook and Google while forcing many small businesses under.

Here’s what it will most likely mean for your business.

There will be an increased awareness about consumer data. At its core, GDPR is about cybersecurity and protecting the privacy of Europeans. With the recent breach of privacy by Facebook and Cambridge Analytica, there has been a general movement toward protection and ownership of personal data.

GDPR was developed to ensure that an individual’s personal data rights are not violated. Customers will now be able to clearly understand how businesses maintain and handle their data, and they have the right to request their data (“data access and portability”) and to delete their data (“right to be forgotten”) as needed.

There will also be a need to improve cybersecurity. In The State of GDPR Readiness report, Forrester analyst Enza Iannopollo wrote that “GDPR compliance is not a one-off approach; companies must embed it in the way the business uses personal data daily.”

She recommends an organization’s approach “must shift from one that is based on meeting compliance by focusing on satisfying individual requirements to one that is about building, executing and documenting a comprehensive compliance strategy, where risks are identified and mitigated consistently and effectively.”

Protecting customer data should have always been a priority for companies. With GDPR, they now have a framework that teams across the organization can adopt to protect their customer data. From now on, compliance will be intertwined with security, providing a platform to build a more comprehensive data security program and thereby improving data security practices across the organization.
