Adam Maskatiya, General Manager at Kaspersky Lab, discusses how the new GDPR regulation promises a transparent future.
Big data is big business. The amount of data being collected and distributed has grown at an exponential rate.
According to IDC, 163 zettabytes of data will be created globally by 2025. That’s equivalent to watching the entire Netflix catalogue 489 million times and a ten-time increase from the 16.1ZB of data generated in 2016.
This explosion of data has undoubtedly been a huge positive for businesses, who now know more than ever about their customers, enabling them to tailor communications and create personalised experiences that simply weren’t possible a few years ago.
And it’s not just large enterprises that are realising these opportunities. By using data in the right way, small and medium sized businesses (SMBs) and even start-ups can give corporate giants a serious run for their money, as the likes of Uber and Deliveroo have demonstrated.
Data has clearly become the foundation of our digital economy, but a ‘collect as much as possible and decide what to do with it later’ approach has resulted in businesses being careless with customers’ personal information.
Because this data has come to represent so much value for businesses, the emphasis has swung to the collection, rather than the management, of data. Organisations know that they can’t risk missing out on the data wave, so have been intent on building out their databases as much as possible.
As a result, bad data hygiene is now all too common. A combination of complacency and bad habits is playing into the hands of cybercriminals, as illustrated by the recent spate of high-profile data breaches affecting organisations such as Bupa, Verizon and Wonga.
Just as importantly, customer relationships have also been impacted. Poor attitudes towards personal information have translated into a breakdown of trust between businesses and the very audience they are trying to attract. Clearly this needs to change.
New Global Data Protection Regulations (GDPR) are now less than a year away from becoming enforceable across the European Union, causing businesses to finally sit up and take notice about how they share, process and manage customer data.
With any breaches of compliance set to be met by hefty financial penalties – up to 4% of annual turnover – the majority of businesses simply can’t afford not to take the regulations seriously.
In most cases, this means that data-related processes will have to either be updated or significantly changed, a realisation that has been met with panic by many companies that have to deal with issues such as complicated technology architectures, a limited understanding of the regulations and a lack of executive support.
For consumers, many of whom have lost faith in the process and are now paying more attention to what happens with their personal data, the outlook is much more positive.
GDPR promises a transparent future where data is properly managed and treated as a valuable commodity rather than an expendable asset. If it isn’t, businesses know they will face the consequences.
So, there seems little doubt that GDPR is a welcome and much-needed piece of legislation, but the question we want to ask is: will businesses use the legislation as a much-needed excuse to re-build their relationship with customers and establish a level of trust that has been worn down by years of poor data hygiene?
The answer, we believe, comes down to a matter of respect.
Until now, regulations have been slow to catch up with how businesses are using customer information, allowing them to move data around without the fear of serious repercussions. As a result, firms have become lazy and customer data has been treated without respect.
It should be noted that consumers must also shoulder some of the blame here. We, as a society, have become used to freely sharing our personal information, without spending too much time (if any) thinking about who has access to it or how it will be used.
But, while we might expect this data to be used for personalised targeting, what we have actually ended up with is a spam culture where our information gets shared around various third parties and we find ourselves receiving annoying emails from companies we’ve never even heard of.
GDPR has finally forced these issues into the spotlight. Personal data hasn’t been treated with the respect it deserves in the past, and consumer trust has been damaged as a result. Now is the time for change.
There has long been a business case for managing data securely and efficiently, but it has never been much of a priority until now. Businesses have become content to continue collecting vast amounts of information on their customers without placing the required emphasis on how it flows through the organisation.
As a result, businesses often don’t know how much data they actually have, where exactly it is all stored, or even what it is used for. Studies have suggested that just 50% of an organisation’s available data is used for decision making, with the rest contributing to the ‘dark data’ that is collected during regular business activities but fails to be used for other purposes.
The threat of serious financial penalties, public shaming from regulatory bodies such as the UK’s Information Commissioner’s Office, and the risk of alienating potential customers, has now served to alter this mindset and wake businesses up from the data stupor that has become commonplace.
By making sure employees use data in the right way, and by creating a culture where data is the responsibility of everyone in the company, businesses can get on the right track to treating data hygienically, and with the respect it deserves.
Achieving this will go a long way towards re-establishing the level of trust which is now required in today’s ultra-competitive business landscape, thereby increasing brand loyalty and also helping to attract new customers in the process.
It’s still relatively early days and there is plenty of work to be done, but there’s hope that GDPR will dawn a new era in the business world. One where businesses respect the data in their care.