We’re just about two months away from stricter compliance regulations from the European Union (EU) General Data Protection Regulation (GDPR). The GDPR has specific requirements on how organizations handle personal data from individuals who reside in the EU. The regulation will be enforced beginning on May 25, 2018 and impacts any business with access to this data, regardless of its location outside the EU.
The rationale behind this regulation is that individuals who live in the EU should be entitled to a certain level of privacy when sharing specific personal information with any institution. Institutions that gather personal information must protect it and be held accountable if the systems using the data become vulnerable to malicious attacks that exploit personal data.
Moreover, when a company uses personal data in any of its newer initiatives that could possibly leverage machine learning and artificial intelligence (AI) big data platforms, it must let individuals know how their personal data is being used and give them a choice to “opt in” rather than the current paradigm of “opting out.” This might still be an area to iron out in terms of regulation because the proliferation of data available and whether it is tied to personal privacy will continue to evolve.
The recent woes of Facebook and its massive data privacy issue with Cambridge Analytica reinforce the need for careful study of how data is being used and what to do when a breach occurs.
As the GDPR becomes active, what will it mean for citizen integrators?
Citizen integrators, working to innovate on behalf of new digital business initiatives, must now pay more attention to privacy data. Many of these initiatives get tackled with self-service IT resources that have been referred to as shadow IT – a label that is a bit dubious now, as agile companies typically embrace “innovation on the edges” of their organization as a viable way to go to market faster. Citizen integrators can use an iPaaS solution without the backlog and overhead that can be associated with IT.
But what about privacy data and the GDPR soon to be in place?
Without a more formal tie to the governance of central IT, citizen integrators might not have the privacy of individuals at the forefront of their minds when they are trying to integrate and analyze volumes of personal data.
However, considering that addressing data privacy should be built into whatever new initiatives are in place, the “innovation” might, in fact, focus on compliance with privacy requirements, having a significant impact on user trust and retention. This should extend beyond just the privacy concerns of EU residents to all users who could be exposed to any privacy risk.
How the GDPR can improve customer loyalty
In a previous post, we outlined “Five steps that companies can take to prepare for the pending GDPR deadline.” Once you’re prepared, being more proactive about your privacy risk can help with customer loyalty through a trusted customer journey – by understanding that you will not breach any of their privacy concerns, customers will in fact “opt in” to any of the extra value you can articulate by using their private data to achieve good outcomes.
Envision this new paradigm of “opting in” as something like this:
You’re shopping for some online merchandise to get ready for a big vacation where you need to consider anything that goes with that – luggage, apparel, electronics – maybe a waterproof watch. You typically get suggestions for what to buy based on your browsing data.
What if you had the opportunity to grant permission to your favorite retail vendor to do deeper analytics on what might be best for you based on some of your personal data? On the backend, hopefully with a well-chosen iPaaS solution doing the required integration, your vendor could be analyzing GDPR-compliant data from you, as you’ve trusted them not to do anything nefarious with your data or expose it to attacks.
Having the right integration strategy that embraces the GDPR could open new business for some enterprises. Be prepared. View the changes that come from the GDPR as a blessing and not a curse. Make sure that your integration partner is up to the task of tracking all of your privacy data and accessing whatever is needed in the event of an audit. And most important, stay ahead of the regulation.
Be the company your customers can trust.
Why not take SnapLogic for a spin? See how easy it is to extract any kind of data including personal data for business purposes and to maintain an accurate accounting of where and how it is used. Start your Free Product Trial today.