GDPR. Four letters, one colossal shift in privacy compliance for companies around the globe. Richard Lack overviews the issue…
With organizations collecting increasing amounts of data, customers and the governments that represent them have evolving expectations about the transparency surrounding data collection, and the laws that govern the usage and reporting of it.
Only recently, WhatsApp was warned by European regulators about over sharing data with Facebook, its parent company. This comes despite WhatsApp pledging in 2014 that nothing would change as a result of its acquisition.
Today most enterprises are global, but regional and national data laws – including those that define where consumer data must be stored and processed – vary widely. While this makes it increasingly tricky to serve international customer bases, businesses don’t want to give up on these massive audience segments. Yet they are increasingly being forced to adapt and, in some instances, ensure customer data from nation-state residencies is kept in that locality.
GDPR is shorthand for General Data Protection Regulation. In May 2018, it will become the privacy and data handling standard for the European Union, altering the requirements for managing personal data for businesses both inside and external to the EU indefinitely.
Businesses must act now to traverse the balance between new regulatory requirements and effectively managing customer identity data for the digital age. For many, this will mean reviewing what structures need to be implemented to remain compliant, whilst ensuring the optimisation of customer needs and the associated need for transparency surrounding the use of their data.
How we got here
GDPR has arisen as a direct result of rapid technological developments and the need to maintain consumer privacy via a more stringent framework. There are a variety of new regulatory elements which all businesses processing the data of consumers located within the EU will have to adhere to, including:
- Identifying a customer – even when he or she is using different login credentials over time;
- Managing and respecting consent, preferences and wishes to opt-in or out across all touchpoints.
Understanding the identity of a customer will become more important than ever. So how can businesses approach the multitude of issues that surround this process, in an efficient, well-structured way?
Manging identity in the digital age
CIAM (customer identity and access management) can help centralize data in a consistent way, forming the basis of a robust digital strategy for delivering seamless customer experiences and managing many aspects of privacy compliance.
CIAM platforms can provide:
- Support for compliance with regional privacy and data protection regulations, as well as with the terms of service of social networks and other identity providers;
- Access to multiple regional data centres / centers, to ensure that any relevant data localization requirements are met;
- Ensure robust industry-standard security for physical data storage, encryption, API transactions, application development and more.
Best-of-breed CIAM providers can also help brands meet regulatory requirements for how data is controlled. This presents an obvious challenge to businesses that leverage on-premises data centres to manage consumer data, but even large cloud providers can come up short in situations such as the one in Russia, since many large cloud-based storage providers such as AWS have no presence there.
GDPR also has strict requirements about giving consumers access to and control of their personal data. At any point, users must be able to autonomously export, delete, edit and freeze processing of the information in their profiles. Leading CIAM providers offer customizable registration and profile management workflows and other specialized functions that ensure consumers remain in control of their data.
Preparing today for tomorrow
For now, the world will have to wait to see how the GDPR, the newly ratified EU-US Privacy Shield data transfer framework, and numerous other recent regulatory initiatives will shake out in terms of real-world application and enforcement. Regardless of outcomes, though, I believe the smart move for businesses is to start developing a well-planned strategy for managing privacy now.
Readiness for the future of data privacy requires flexibility above all, and a specialist in customer identity management can help you build a foundation for managing consumer data that continuously evolves to serve global markets and the needs of your business, while helping to keep you and your customers safe in an uncertain world.
Richard Lack is director of sales, EMEA at Gigya.