With all the focus on data privacy and the increased cost and efforts organizations are putting into it, do we really need ANOTHER piece of legislation to have to comply with?
I’ve spent the last twelve months following the GDPR story. At first it was part of a simple presentation I was to give to some our executive customers, an example of legislation that they may need to comply with. What I learned as part of that work was that GDPR was a big deal. Not only was it the most stringent regluation of data privacy in the world, but it also had some of the highest potential fines in the world. With my business hat on, I learned of the potential impacts to our clients and also tried to understand how our products could or should help, and what we would need to change to help our clients remain compliant. At BMC, we have taken the approach of making sure customers can easily see where we can help, and importantly where we really can’t. Throughout this journey I must admit to a growing sense of unease. I saw the number of so called ‘experts’ doing webcasts, saw companies offering ‘GDPR solutions’ and the cynic in me wondered, ‘Is this all really worth it?’. I know all companies must take it seriously, the fines alone require that, but as one of our European customers put it “ We’ll get to that one after the one we’re working to comply with now..” Was it all just a big merry-go-round?
Recently though I’ve changed my view – see, I’m in the process of buying a house. It’s a few years since I bought my last one and this is the first time I have had to do it all on my own. While trying, the process has shown me some really interesting things:
- In the UK, you have to provide an awful lot of very sensitive data to a lot of companies to buy a house.
- My whole life is electronic, I leave a footprint with almost everything I do on a daily basis.
- If I want to prove anything about my financial history, I need to go to a website (sites, or applications) where the information is available almost instantly.
- Not only can I find this information instantly, I can make life-changing decisions with the click of a button, or maybe a phone call, provided I know a few key facts about me.
Now I’m sure many of you will be thinking that these things are really obvious, but in doing all of this and dealing with 5 or 6 different entities , I realised how vulnerable I am. The convenience of online access means things move along quickly, but if just one of the entities that holds my details were to be careless with my data, anyone could then prove to any other entity that they were me! And boy, is that scary!!
Another thought also occurred to me, if one of the companies that underpins my daily life lost my data, as in I could no longer get to it, it would cause a massive impact on my life. I wouldn’t be able to prove the things I need to prove, I wouldn’t be able to buy my house, and in many ways my financial life would be unable to function (at least for a time until we sort it all out).
This epiphany has made me realise that my data is perhaps one of my most prized possesions today, and that I need to be careful with whom I entrust it. It’s made me realise that yes, we do need rules to make sure that my data is secure. We must ensure that:
- I am aware of what data a company has recorded about me.
- The company keeps my data safe and secure, and only uses it for things I agree to.
- If there ever is a problem, it can be fixed quickly and nothing will be lost, ever.
When I am through dealing with a company, I can be forgotten – in other words, my data is deleted and removed. In short, GDPR actually makes a lot of sense and is very necessary for consumers. The fact that it has real teeth will mean that companies take the regulation seriously and shore up some of their aspects of data management. For me as a customer, this means the world!
In conclusion, with my work hat back on, I think GDPR IS necessary! Ignore the hype and focus on the meaning behind it. Work with organisations who can help you with those areas that you need help with, and remember, we are all data custodians and we owe it our clients to manage their most valuable asset – their data.
Learn more about BMC’s solutions that support GDPR here.