Click to learn more about author Anne Hardy.
It’s been over three years since the EU implemented the General Data Protection Regulation (GDPR). The sweeping data privacy laws offer users the “right to be forgotten.” But sometimes, organizations don’t feel obliged to comply. We have come to the crossroads in our data compliance journey because the laws designed to protect consumer data are inefficient. Fines and pushback against new regulations suggest compliance will not enforce protection so much as force companies to budget for its existence. It would be a shame to treat compliance as a speeding ticket, especially as companies face low consumer trust globally (currently, only 21% of consumers trust established global brands to keep their information secure).
The next few years will be a crucible for data compliance laws. To ensure the success of these laws and strengthen consumer protection, companies need to adjust their attitudes towards data collection, tech giants should set compliance examples for smaller companies, and regulators need to enforce the rule universally.
Outdated Attitudes Cause Breaches
The old way of doing business – collecting as much data as possible and sorting it out later – is unacceptable. It’s potentially harmful to consumers and plays a significant factor in compliance breaches. Companies aggregating data should prioritize collecting only data required to accomplish the immediate activity. However, it takes a bit more than an attitude adjustment towards data collection to avoid compliance breaches. Companies must look towards adopting strategies to maintain healthier data.
Data health helps prevent breaches because healthy data is organized, trustworthy, and accountable. It ensures those responsible for maintaining compliance know precisely how and where sensitive information is stored, why it was collected, where it came from, and its use. However, keeping data healthy across every department of a company can be a tall order. Leaders must be ready for significant changes. Maintaining healthy data means shifting enterprise culture and investing in new technologies to oversee the health of its data.
The Journey to Compliance and Data Health Begins with a Single Step
Lao Tzu said, “The journey of a thousand miles begins with one step.” In the case of data compliance, that begins by investing in technologies that organize data throughout every enterprise department, like pipelines and data warehouses. Second, take a top-down approach by appointing Data Management leaders across departments. Now your company can take the proper steps to continue shifting its cultural focus to ensure data quantity and quality from each department.
Learning from Giants
Companies must invest in time and resources to become fully GDPR-compliant. It’s worth it in the long run to avoid violations, fines, and reputational repercussions. Major tech giants should look at these new laws as an opportunity to adopt better data collection practices – even though the difference between their revenues and the cost of the fines means they don’t necessarily have to get behind.
While they can certainly afford the cost, big tech should take the opportunity to set an example for smaller companies by adopting strict compliance policies and adhering to them. The household-name companies have a real chance to use compliance laws as a foundation to create industry standards for protecting consumer data.
These companies are essentially the keystone species of their respective fields. If they choose better data collection standards, the rest of the ecosystem, from small businesses to burgeoning start-ups, will adopt the same standards to remain competitive. All of this leads to a safer environment for consumers and a synergetic dynamic between company and customer. Adopting new data practices may present challenges for companies of all sizes. In the end, however, the boost to business caused by raising collection standards will prove to be a lesson worthy of the giants poised to teach it.
Regulators Need to Shift Focus
While big tech companies can leverage new compliance laws as a teachable moment for the rest of the industry, big tech isn’t the only entity that should be held responsible for its role in compliance. Regulators need to ensure they’re observing companies of all sizes. Without accountability from the top down, law enforcement is toothless. Enforcement is complex and challenging for everyone. Therefore, it’s important to show no business is immune to compliance – which provides an opportunity for regulators to collaborate with big tech on solutions rather than making them the victims.
As start-ups and smaller companies grow and become responsible for more sensitive information, it’s essential for business and public trust that these companies have a proven compliance record. There should be no threshold for enforcement. Otherwise, you hinder growth by struggling to adopt new data practices rapidly. Worse, if a growing company is given a public contract and still operates with unhealthy data collection strategies, their breach of compliance could become a matter of national security. It won’t be easy, but regulators should cast an industry-wide net for compliance laws to become genuinely effective.
GDPR and other regional regulator standards provide a step forward towards increased information security. But the law won’t meet its potential if all companies do not prioritize healthy data practices. Most importantly, regulations shouldn’t be the only reason for protecting sensitive information. Companies should be proactive in their approach to safeguarding private data, not just for fear of compliance violations but to build and retain customer trust. It’s the only way businesses will move past the crossroads and achieve compliance and new business ventures.