GDPR – A success factor of digitization
The headlines in the media are all telling the same story: “Companies fear being disadvantaged”, “Companies unprepared for the GDPR”, “Companies in for a rude awakening”. It seems clear that the general narrative about the General Data Protection Regulation is negative throughout the media landscape. So it comes as no surprise that the coming – or rather looming? – GDPR is considered annoying, cumbersome, and in the worst case even superfluous. That is only half of the truth, though.
The new regulation also brings with it a clear potential for improvements. According to an international survey among 340 decision-makers in a number of different industries by the software provider SAS, 71 % of those surveyed think that their data governance will improve as a result of the new legal framework. 37 % even expect their IT expertise in general to improve. 30 % at least recognize the opportunity to polish their companies’ image by fulfilling the GDPR standards. The surveyed decision-makers also expect their customers to benefit from the new regulation. 29 % think that customer satisfaction will improve, and another 29 % expect an improvement of their companies’ external perception.
In my opinion, you do not have to look far for the reasons for this positive attitude. After all, strong data protection is now considered one of the foundations of digitization across industries; a deciding factor of digital transformation.
Here are a few examples: last year, US transport service provider Uber had to admit that private data of 57 million users and Uber drivers had been stolen, both e-mail addresses and phone numbers. Or take the case of Yahoo: according to media reports, three billion e-mail accounts of its users were hacked in 2013, giving the criminals access to names, e-mail addresses, phone numbers, dates of birth, as well as the security questions and corresponding answers. The fact of the matter is that even common data protection methods such as anonymization and pseudonymization could have reduced the damage for both companies significantly.
Another example is the Internet of Things (IoT), where a certain security issue, which will also affect Germany as an industrial location, has long been known to experts in the field. The continuous networking facilitated by the Internet of Things in the near future will be driven by billions of small sensors and components which will only cost a few pennies each and will probably come from predominantly Asian manufacturers with less than ideal security standards. The consequences of this trend have been recently documented by the Finnish security provider F-Secure, who examined a security camera manufactured in China and found 18 security gaps, some of them critical. By exploiting these security gaps, attackers could gain control over the camera, along with any recorded footage. “Issues of security have been completely ignored with these products”, says Harry Sintonen, Senior Security Consultant with F-Secure, “Apparently the manufacturer only cared about finishing the product as quickly as possible and throwing it onto the market. Even common security practices have been ignored, which endangers both users and networks. Ironically enough, these cameras are supposed to ensure the safety of homes – while making digital homes less secure at the same time.”
In the future, billions of sensors will not only receive and transmit technical data in factories, but also private data in Smart Homes. A survey conducted by the Federation of German Industries (BDI) pointed to the legal ramifications of Industry 4.0 some time ago already: “Surveyed legal departments identified data law (data protection, data security, IT security, rights to data), contract law, liability law, and IP law as the most important fields of action.” Therefore, it is important to steadily develop and refine the coming European data protection regulation, in order to master the challenges of digitization. Starting points for this development are concepts such as “Privacy by Design”, “Privacy by Default”, pseudonymization and anonymization, recommendations by government authorities or Codes of Conduct.
The strategies listed above all go hand-in-hand with the GDPR. Consequently, companies that have refrained from taking action so far should take the new regulation as an opportunity to rethink their approach to this topic. After all, (certified) data protection will become a mark of quality, and not only in the case of the Internet of Things. There is no doubt that companies which position themselves clearly on this topic will benefit.