Everyone working with Big Data should know GDPR. Here’s why.

The EU General Data Protection Regulation (GDPR) came into effect on May 25^th, 2018. It can easily be stated that GDPR is the most significant change in data privacy of the last decade, or maybe even ever. The legislation is now in effect for more than one year. Initially, we saw a hype of three to four weeks, in which organization took lots of efforts to make their organization ‘GDPR-Proof.’ Websites were vigorously updated, and disclaimers and notifications were added everywhere, as the new regulation requires a published policy.

However, now that we are one year further, interest in GDPR has greatly dropped. Not just because I say so, but have a look at the graph below from Google Trends. The graph shows world-wide search volume for the term “GDPR” from January 1^st, 2018 to today. I think we can therefore state, to put it in today’s terminology, that GDPR is no longer a “trending topic.”

Figure 1: Global Search Volumes for “GDPR” since January 2018, analysed with Google Trends

This analysis from Google Trends is backed up by my own experience and observations as well. I have the pleasure of assisting companies with their Big Data challenges, and in that capacity I meet clients from many different industries. I always ask them how they incorporate data privacy regulations, of which most importantly GDPR, into their day-to-day operations. And whereas last year most people could explain a basic level of understanding of the regulation, I nowadays find that most people – even those working with sensitive data on a day-to-day basis – have limited knowledge about any kind of privacy regulation. In most cases, I am nowadays referred to the legal department, or the data privacy officer. I keep wondering if, 1 year into GDPR, organisations have forgotten the most important element of GDPR? The people…

Why everyone should have an Awareness of GDPR

I therefore think everyone who works with data in every organization – small or large – should have a basic understanding or awareness of GDPR. I think it should be part of the on-boarding process in every professional organization. And to follow the core elements of the regulation itself, here are my reasons why:

1. It is the law

As an organization, you might consider GDPR an extra administrative burden. But similar to filing and paying corporate taxes, compliance to GDPR is not based on voluntary participation. After its initial acceptance in by the EU Parliament on 14 April 2016, it was enforced on 25 May 2018 by all member states. This means that every organization (even the ones located outside the EU) are required to comply with GDPR when they are dealing with data from European citizens by law. This also means that if you break the law, the consequences can be severe and penalties are steep. Ask British Airways or the Marriott Hotel chain, who were handed fines totalling GBP300m by the UK Information Commissioner’s Office (ICO).

2. If you take data privacy seriously, customers take you seriously

GDPR is not only a requirement for your own organization, but can be a key differentiator. As we come to value data privacy more and more in our private lives, we would also like to work with companies that value this professionally. Compliance to data privacy can therefore also be a competitive advantage. If you keep the data of customers safe, this will go a long way to establishing long-term trust. GDPR therefore also provides a real business opportunity. And although most companies do not really view it as such today, the importance of data will keep on growing. I therefore strongly believe that a significant advantage can be obtained by leading the way in data privacy

3. Not only customers will take you seriously, your employees as well

The same motivation for customers also holds for your own employees. A company that safeguards data privacy will be also be an attractive place to work. At least the opposite is true. Places with high levels of stress and dissatisfaction are associated with high data security risks. It therefore stands to reason that people who work in an organization that has high standards for data privacy is a better work environment. And that people who work in these environments will have higher job satisfaction and lower attracting rates. I personally would like to work in an organization that safeguards my personal data (and not just to the bare minimum requirement), so I can only imagine that other people might feel the same way.

This is my case of why I think fundamental knowledge about data privacy and GDPR should be mandatory for anyone who works with large quantities of data. I always welcome feedback on my articles? Do you also think interest in data privacy is declining? And how does your organization address these issues? I look forward to hearing your feedback.