iQoncept - Fotolia
GDPR compliance requirements drive new winds of data privacy
Hello, GDPR. May 25 is the witching hour for enforcement of the EU's much-discussed GDPR compliance requirements -- and it's a harbinger of more changes to come.
As enforcement of the EU's General Data Protection Regulation comes due this week, it finds legal, security, IT, marketing and data shops in various stages of realization or denial.
Ready or not, GDPR is here, and many companies that jumped headfirst into big data will come up for some air, look at GDPR guidelines and perhaps, bring a little bit more data governance to their data undertakings.
The GDPR compliance requirements are about ensuring the privacy of personal data. This has not always been top of mind in a recent history that saw the emergence of Hadoop, data lakes and ubiquitous online ad brokering. GDPR comes with potential financial penalties that can kick companies in their bottom lines if the EU finds they are not playing fair with the customer data they collect.
Still waiting on GDPR compliance plans
The financial penalties in GDPR are scaled, and would hit bigger companies harder. It may not be surprising, then, that many smaller businesses are just catching up with GDPR. A recent IDC survey found one-third of European small and medium-sized businesses (SMBs) have not yet devised plans to comply, and that more than one-half of non-European SMBs are in a similar position.
There are other reasons companies move with some caution. On both sides of the Atlantic, companies have seen standards come down before with varying thuds. They may not be unwise to take some measure of wait-and-see attitude as GDPR enforcement gains more definition.
Unquestionably, the big data world is waiting to see how quickly GDPR regulators confront big data prodigy Facebook. CEO and founder Mark Zuckerberg's appearance this week before the European Parliament was an attempt to buy some time in that regard.
To protect and govern personal data
The push to meet the GDPR compliance requirements will spark renewed interest in and commitment to data governance, according to Dave Wells, an independent consultant and industry analyst, but data governance tools are just part of the overall picture.
They'll help, but as Wells emphasized, tools and processes don't really govern data, they govern how people behave when working with data. When he recently discussed the upcoming May 25 GDPR deadline, Wells had some advice for the data pro.
"Identify critical data assets, critical data elements, and the highest-risk business and data management processes. If you're among the majority of companies whose main strategy has been denial, get over it quick. Get it out in the open and talk about it as an organizational priority," he said.
Crucially, Wells advised to start with the belief that most people want to do the right thing when it comes to working with data. Meanwhile, the data leader's job is to communicate with the rest of the organization -- "to help them know what is the right thing," as he put it.
Another place will be heard from
And there's more than just the GDPR compliance requirements in the works. A proposed ballot initiative looms in California -- one that would bring data rights much closer to home for U.S. companies. In the past, the state has single-handedly driven environmental standards, and it could do something similar with privacy standards for big data.
Among its objectives, the California Consumer Privacy Act of 2018 would provide consumers with the ability to obtain the information a business collected on them. It can't be described as a wake-up call -- that's what GDPR is. But, if there are any data managers that aren't already highly attuned to the new winds of data privacy, the California initiative could be the one to tip the balance.