GDPR: An existential threat to data-collecting businesses?

GDPR exists to protect personal data from misuse or loss, and is an update to existing data protection laws. Broadly, the regulation brings about positive change: the feeling was that the existing regulation was very poorly adhered to and the consequences of ignoring it were paltry.

GDPR is based upon the fundamental European human right to privacy and data protection, and gives the regulators teeth to punish those who dismissed data protection as an irrelevance, or considered the fines too small to warrant a change in their approach to managing data.

Over the last ten years, we have seen an enormous rise in enterprises whose very business model is based on the management, sale, or deep understanding of personal data. It is the egregious use of personal data that GDPR is designed to eradicate, and such firms face an existential threat from GDPR.

For example, at its most basic, a search engine doesn’t need to capture personal data. If however you want to tailor results based on previous information and history, that’s a different matter. And if you base your business model on knowing your customers and delivering tailored adverts, then you have to track personal information and you have to pass that information in some form onto your advertiser customers.

Social media also uses personal information to drive business, and, operating within the law and the terms and conditions of the service, has sold on data or behavioural patterns to advertisers and other targeting groups. With GDPR now in place, all those enterprises managing and selling on data must closely examine their business models to ensure they are fully compliant. Importantly, GDPR does not prohibit this activity, but it does place obligations on the provider to be transparent about the process, and to protect the data under their control. But I’m not certain that these companies fully understand the existential threat they face.

It’s not quite fair to say that this information management model (which some call the Surveillance Capitalism model) crept up on people by stealth, but the Facebook/Cambridge Analytica affair certainly did a lot to draw mainstream attention to it. Questions have been raised at a governmental level about the moral and ethical approach we should take towards the management and monetisation of people’s personal data.

It’s clear now that Facebook understands that privacy is an issue, but they face a tough challenge in modifying their business model sufficiently to allay the fears of those who worry about privacy. We will see more moves by both Facebook and governments over the next year or so – the story is not over.

Given there are now so many businesses based on the usage of personal data it is extremely likely there will be cases of data usage in a way which contravenes GDPR. One of the actions which a regulator can take in the event of a data breach or misuse is to enforce the suspension of personal data processing. For social media, data aggregation or online search firms, this could present a complete inability to do business. If you can’t process personal data, you can’t take orders, make sales, or pay people. Effectively an action of this kind means a suspension of business.

Going further than GDPR, I am also seeing a gradual (and in some cases reluctant) shift by businesses and governments outside the EU to treat personal data with more respect and thus more regulation. The US regulatory framework is shifting very slowly towards the European model, and almost certainly towards having a federal regulation. In the US there is more to lose from an economic point of view – as many of the firms most affected are based there – and so any regulation is likely to be less stringent than GDPR. GDPR’s underpinning by the European human right to privacy is also missing in the US, so the foundations of any data protection law will be different.

The reluctance from businesses comes from those who have built entire multi-million business models on personal data, and from any business that rails against regulation. Reluctance is also shared by governments who don’t want to damage and impact this multi-million dollar business. Yet, citizens, consumers and activist groups are concerned at the apparent imbalance between big business and individuals’ privacy rights.

As the furor over privacy in social media and big tech continues, I see tentative but persistent steps towards further legislation designed to protect individual privacy. We are not done yet. But there is a clear trajectory towards a more moral and regulated use of personal data.

Duncan Brown

Duncan Brown is Forcepoint’s Primary Security Strategist in EMEA, and leads the firm’s C-level engagement in the region. He advises customers on business strategy, and how this can be enabled and accelerated through the appropriate application of technology. He acts as adviser and coach to CISOs,…
