Digitalist Network // March 19 2018

GDPR and The Art of Motorcycle Maintenance

Do you consider GDPR-compliance a costly, unwanted burden on your business? Think again: it may be a golden opportunity.

As the dreaded 25th May 2018 approaches and the reality of the EU General Data Protection Regulation lands like a giant Monty Python foot on the operations of businesses worldwide, obviously your staff are running around like headless-chickenscalmly executing your carefully-planned compliance processes and you are resigned to accepting yet another massive regulatory burden cutting into your profit margin. But fear not: ethics and competitive advantage may appear like superheroes on the horizon to save you.
GDPR meme Lord of the Rings

…. at least not anymore!

In the interests of full-disclosure, I am a technologist and long-time privacy advocate – who has trouble believing that “business ethics” is actually a real thing, instead of something that some hungover sociology student came up with on exam day.
I find the idea that some random, normative statement of corporate intent such as “Don’t be evil” *cough* could measure up in any way against the legal obligation for a public company to maximise shareholder value totally absurd. But as of this year the privacy and personal integrity of individuals who may just happen to be in a relationship with your organisation is of primary importance to that relationship, and furthermore – that self-same privacy and integrity is fully enshrined in law.

Let us be quite clear: this is the way it always should have been!
That the Internet evolved in a way which allowed marketing departments to drive coach and horses through any idea of privacy protection for users in no way changes the fact that collecting personally-identifiable information on individuals without explicit, fully-informed and revokable consent is a violation of an individual’s personal integrity.

So, the GDPR in a nutshell. If you collect data for metrics, marketing, user insights, targeted advertising or whatever and that data is robustly aggregated and anonymised, knock yourself out. Otherwise under no circumstances does that data belong to you! – the user has merely loaned it to you for the duration of your relationship.

To truly comply with both the spirit and the letter of the law, an organisation needs two things: firstly, of course, all the processes, procedures and contractural arrangements that are required to comply with the handling of personal data under the directive, but secondly, also a fundamental attitudinal shift in how people inside the organisation view the data they handle on the individual’s behalf.
It is in this second category that some opportunities arise.

At the moment, awareness among the general public of what is going on with privacy legislation and concern about privacy in general is very low. This will not always be the case as people’s lives become ever more interconnected and dependent on the use of sometimes highly personal data to determine opportunities and outcomes for individuals.

President Barack Obama looking through a door peephole
President Barack Obama looks through the Oval Office door peephole as his personal secretary Katie Johnson watches 3/12/09.
Official White House Photo by Pete Souza

Basically, it is inevitable that digitally peering into people’s bedrooms will eventually be seen as just as unethical as the physical equivalent.
Today many people are prepared to pay to have a 24×7 bugging device in their homes, to have another 24×7 bugging device in their pocket or on their bedside table, to have their travel habits constantly monitored, even to give navigation apps access to their microphone, camera and family photos.

Nevertheless, as awareness of what is happening seeps into the public consciousness, people’s feelings and fears about loss of control over their own lives can only become more justified and more rational. Even as this era of digitalisation is labelled as “empowering” for individuals, “Computer says no!” is really not very empowering at all.
Of course the golden era of keeping people in the dark about the privacy trade-off involved in using these things and the surreptitious collection and use of private data is now over, and an informed public will more and more make brand choices based on updated criteria.

The long-game is about trust. Trust and transparency. If your business and the people in it are totally transparent and ethical in their relationship with their users and their users’ data, the trustworthiness of your brand will confer a competitive advantage all on it’s own. And not before time.

By Colin Campbell, CTO, Digitalist Sweden

More from Digitalist Network