GDPR is coming and it is about time
October 19th saw Frontline solutions hold their annual F&I Conference in Leeds, where one of the messages of the day rang loud and clear.
That message was to prepare for General Data Protection Regulation(GDPR).
By now, hopefully you’ve already heard of the GDPR, but in case not, briefly, it will become enforceable from May next year, and is generally being seen as among the biggest changes to how customer data is handled and viewed in a generation.
In many respects, it is about time. GDPR will be replacing the Data Protection Act 1998, an act that turning 20 years old that has been used to police how companies use customer data, despite gaining royal assent before UK consumers even had broadband (ADSL was first launched as a commercial project in 2000).
Since the Data Protection Act came into force, the internet has completely changed how we live our lives, and only companies now have far more access to customer data than at any point in history.
Facebook typifies this more than other company. Launched in 2004 by the then Harvard student Mark Zuckerberg, consumers across the globe have shown themselves more than willing to offer Facebook content – for example in the form of photos, statuses and comments – and data – most obviously through Facebooks ‘Like’ system.
In many respects, consumers are still not fully aware of just how valuable this data is. Research nearly five years ago from Stanford researchers found that using this data allowed a computer to better predict a person’s personality more accurately than most friends or family.
According to this survey, with just ten likes, a computer can more accurately predict someone’s personality than a work colleague. Increase the number of likes to 70, and the computer will beat a roommate. It takes 150 likes to beat a family member, and 300 likes will see a computer better able to predict someone than their own spouse.
The value of this data to marketeers, consultants, analysts, politicians, and just about anyone with an interest in either gauging potential reactions or making targeting approaches is obvious.
Yet people continue to give this data away for nothing, so clearly the service Facebook provides is either valuable enough to customer to act as compensation, or consumers are not aware of the value.
This is a classic example of a company having far greater access to customer information than those creating the Data Protection Act in the last millennium would have been able to predict. And this is why GDPR was needed.
Gary Hibberd, managing director, Agenci Information Security, put it simply: preparing for GDPR is not a small task. As well as business men and women, we are also consumers, along with our friends and family. Treating your customer data how you would expect your data to be treated seems like a decent place to start.