
Data privacy has taken center stage in the wake of the Facebook-Cambridge Analytica data privacy scandal. The May 25 GDPR compliance deadline has passed, and most companies are struggling to get on the right track. Companies’ main focus right now should be on winning their customers’ trust at a time when they are angrier than ever about their data and scrutinizing privacy practices.

How did we get here?

In April, Mark Zuckerberg faced Congress to testify about the use of the private data of 87 million Facebook users by Cambridge Analytica. This scandal has gained international attention, and it brings the importance of data privacy to the forefront of consumers’ minds. In the wake of this outrage, companies are facing increased pressure to responsibly manage consumer data and be transparent about how they’re using it.

Since GDPR has taken effect, companies are experiencing a groundswell of consumers who want to exercise their data privacy rights, regain control of their personal information and revoke a company’s right to utilize or share their personal information.

The regulation initiates a principle of accountability because organizations must prove and actively track consent. Companies that violate GDPR compliance risk a fine of up to 4 percent of the company’s revenue. In the case of Facebook, which reported a revenue of $27.64B in 2017, the fines amount to a staggering $1B.

GDPR is meant to hold businesses and government entities accountable for how they use, store and share information about EU citizens—but that’s not to say this regulation applies only to European companies or government organizations. The impact stretches far beyond Europe: any organization that possesses the personal data of any EU citizen—whether that be an employee or customer—must also comply with GDPR. And it’s only a matter of time before the U.S. follows suit with a similar, sweeping regulation.

Where do we go now?

Today’s data-driven organizations capture overwhelming amounts of data—and that’s not likely to change in the future. If anything, companies will continue to uncover and use more data about their customers and look for ways to monetize that data. This could take the form of developing more robust customer service initiatives to increase share-of-wallet, or sharing that data with outside organizations for profit.

The war for customer data is expected to rage on, and companies need to have a strategic approach to communicate their collection, storage and use of personal information. In order to create more robust data governance, access, protection and transparency, data privacy and chief data officers need to follow the five pillars of GDPR:

  1. Know what personal data you have in your control by continuously maintaining a map of the personal data that flows across the organization.
  2. Create a 360° view of each data “subject” wherein individuals can collect, connect, and protect all the personal information they intend to maintain.
  3. Protect data against leakage and misuse, and ensure data is anonymized when processed out of scope of what legitimate interest or consent allows.
  4. Foster accountability by allowing the responsibility for the processing of personal data to be delegated to the stakeholders who know that data best.
  5. Know where personal data is located and when that data gets moved across borders, so you can enable processes that offer opt-in consent for such actions. It is crucial to enact data access, portability and rectification rights and the right to be forgotten.

With visibility into who has what data and how it’s being accessed, used, and shared, coupled with options to opt out of data sharing, consumers will be more empowered to dictate the use of their personal information than ever before.

In the context of GDPR, data quality, governance and harmonization must become critical concerns for every organization, particularly those that currently lack “a single view” of each customer’s data—something GDPR mandates. GDPR also insists companies offer consumers the right to rectification, the right to be forgotten, the right to restrict data processing, and the right to not be evaluated on the basis of automated processing. All those rights have significant impact on a company’s data management practices and should not be taken lightly.

Consumers are demanding data transparency, and it’s a huge opportunity for data professionals to educate executives on the importance of data governance—and how to go about requesting (and coding in) consent. By elevating the importance of data transparency to the board level, IT leaders can begin addressing these concerns immediately and get on track to protect their consumers’ data.

There are many lessons to be learned from Facebook’s mishandling of its consumers’ data. Overall, this event showcases the absolute importance of data governance and transparency, timed perfectly with GDPR going into effect. Primarily, companies should know that in today’s highly regulated, data-driven economy, they will only be successful if they have the right data management practices in place.