Why new rules could transform data management
Every country then has about two years to implement the GDPR into national law and put in place the enforcement mechanisms, mechanisms that see the costs of transgression raising from a worst case of a few £100,000, to 4% of a your company’s global turnover! This alone has big corporates scrambling to put their data houses in order.
Add to this the considerable new empowerment of consumers’ rights over their data and you have the perfect storm of opportunity for agile digital developers to innovate; lumbering corporates will have to look inwards and work hard to adjust their corporate culture and processes while the innovator can quickly execute at the market level.
The GDPR drives several fundamental changes in data management that those starting from scratch will have no problems delivering, which those with legacy systems may find extremely challenging to implement. Lets take one simple example: the GDPR enables every citizen to require a corporate to delete all their personal data – in addition the definition of personal data is becoming more rigorous and will include meta data (your data about how someone uses your services) and potentially derived data from algorithms that directly relate to the digital citizen.
Since 2011 it has been cheaper to keep data than to delete it in the cloud, so the big data companies often build systems that use database ‘hide’ facility instead of delete (it avoids re-indexing which is a big system overhead). In unstructured databases there is often not even a mechanism to do a true delete!
Big task ahead
In order to do a delete one has to keep a careful link to the original provenance of personal data, something few corporates focus on, there has been no need. To retrospectively adjust your database implementation and your data management processes to this one ‘simple’ change is a mammoth task.
Those companies unable to adjust to the new regulation in a timely fashion face a major trust issue as empowered citizens will demand greater transparency and control over the use of their data. App developers and system innovators can build their culture from the ground up to embrace the GDPR and out-maneuver incumbents in the market through empowering digital engagement models.
Krowdthink architected its company culture and development processes to embrace the coming changes long before the legislation was affirmed last December. It is summarised on our Trust Pyramid (click on image below).
One of the operational principles we embrace is the idea of minimising data, based on the premise that no one can secure all the data all of the time – the numerous data breaches we see every day confirms this. So if you truly respect customer privacy you’ll seek to minimise the risk you expose your customers to by minimising the data you obtain and store. This has the additional virtue of making you a less attractive target for hackers too.
In our case we deliver a social location based digital engagement platform (called The Krowd), we call it a personal network. The Krowd does not even know or store location and only uses a pseudonym for its users, with a minimum of identifying data limited solely to email used for account password recovery.
In a world where location owners are under siege from social and other platforms, identifying and tracking their customers, putting at risk their primary asset, it becomes a major differentiator for a privacy preserving app to not only deliver its value to the end user, but to do so without delivering an over the top internet service that can identify the location owners customer database.
Small data can become a significant differentiating commercial asset – and it has the additional benefit of being delivered in a development framework that embraces the GDPR, reducing the burden of personal data management as a cost to the business, while setting a competitive privacy high bar versus incumbent social platform providers.
To learn more about how Krowdthink and other privacy innovators are commercialising their trust models and about the opportunities the GDPR enables, you can sign up to attend this event: www.theprivacyadvantage.com