When I was a kid, "identity theft" didn’t have a name and was something that only happened in TV series re-runs of "Mission Impossible" or "The Man from U.N.C.L.E.", and when I was listening to the Top 40 on my portable radio every Sunday night, data privacy issues didn’t enter my head. The internet, let alone Spotify, wasn’t even invented yet (I know, hard to believe, right?).
A lot has changed since then, and these days, with the likes of Facebook and Google potentially knowing more about us than our own family, we need to be careful with our own personal information and the digital footprints we make. In the wrong hands it can unlock the doors to the many things we do online today: banking, shopping, subscriptions, the list goes on.
Thankfully, most companies and governments are trying to do their bit in keeping our personal information safe and keeping us informed, if we care to listen. There is even a national day on 28th January: "Data Privacy Day", or "Data Protection Day" as it's known in Europe, raises awareness and promotes privacy and data protection best practices.
This year, on 25th May, there is something big happening, and I am not talking about the new Han Solo movie. Nope, it’s the date when the European General Data Protection Regulation (GDPR) comes into effect.
GDPR is a new regulation which will affect any organisation, regardless of where it is based, that processes personal data from EU residents. It calls for greater transparency and increased accountability from these organisations, and it is grabbing the headlines because it imposes large sanctions on those found to be in violation: maximum fines of 4% of global revenue or 20 million euros (whichever is greater), and even stopping organisations from processing data altogether, which could be far more damaging for some.
This new regulation also gives enhanced rights to EU citizens to make requests: to learn what personal data is being used and why, to stop the processing of their data, to move it to another company and even to delete it forever.
If you haven't heard of GDPR yet, just google it and you will see a ton of info. I've included some links at the end of this blog that I’ve found useful in my research. You will certainly be hearing more about GDPR as the 25th May approaches, which is merely the starting line rather than the finish line.
It will certainly be an interesting time for many companies, including those in IoT. Although most may think that connected devices are not collecting personal information, under the GDPR Internet Protocol (IP) and Media Access Control (MAC) addresses are now classed as personal information if they can be used to identify an individual person. [Hint: your smartphone has both.]
And that’s what the GDPR is all about: getting companies to really think about what personal data they have, what they really need to process and how long they need to keep it for. Think about the data relationships you have today with all the organisations you have shared your personal information with. They span multiple areas, from your personal life to your workplace. This is not just your name, email address and date of birth; it's your banking and credit card details, medical records, right down to your religious, political and even sexual preferences, anything that can be used to identify you as a person.
The challenge for most companies now is understanding what personal data they have among the many disparate data sources inside and outside of their organisation, and ensuring the correct policies and procedures, training and technology are all in place to protect, manage and monitor that data in accordance with the GDPR, in the run-up to the 25th May and beyond as it becomes the new normal.
The reputable and forward-thinking organisations will take an open and transparent approach. In the analytics economy, leaders will be better data custodians, building the next level of trust and gaining the proper consent so that they can use the personal data they need to provide the product or service. And individuals will be open to sharing if they see value. For example, I am OK sharing my location with Google: I trust their security measures, and they show me where the nearest shot of coffee is on the way while guiding me to the cinema where the new Han Solo movie is showing.
In 1984 Rockwell released "Somebody's watching me" and sang "I've got no privacy". Now, when it comes to our personal data at least, things are changing, and they are changing for the better.
Further reading:
The European Commission's official page on Data Protection:
https://ec.europa.eu/info/strategy/justice-and-fun...
Find your local Data Protection Authority (DPA):
http://ec.europa.eu/justice/data-protection/articl...
Nice easy way to read and navigate the complete GDPR
Well written guide in plain English explaining the GDPR from the ICO (UK's DPA)