The clock is ticking: In less than a year, the European Union’s (EU) General Data Protection Regulation (GDPR) will take effect, giving customers the power to control their own personal data. The assumption is that data protection laws worldwide protect personal information and that enterprises that use this data view security as paramount. So the GDPR, and what it means for how personal data is handled, has become the subject of a good deal of discussion and insight.
How businesses market to customers in a global economy is more important than ever. The GDPR represents enhanced digital rights for individuals and new legal obligations for businesses that gather and use that data. It states clearly that personal data may not be used for a secondary purpose to that for which consent was given without notifying the customer. In other words, if they didn’t opt in for the information, stop there or penalties could be high. Not only does the GDPR require businesses to obtain clear consent to use customers’ personal data—and that consent must be given freely—but it gives customers the right to be forgotten, or the right to “data erasure.”
As a digitally driven business, a number of questions about your enterprise’s interaction with consumer data should be considered. Ask yourself:
The answers to these questions can help you map out a data governance plan that enables your enterprise to manage risk effectively, comply with regulations, and in turn make agile decisions through the responsible use of data. While understanding the requirements is important, there are opportunities that a big data platform can present in separating, tracking, tracing, and managing all forms of personal data.
Now the question becomes, “What is personal data, and what type of data is covered?” Personal data may include a consumer’s name or email address, but more segmented or “sensitive” personal data serves to qualify an individual (e.g., name versus the “individual responsible for contracts at XYZ company”). Sensitive personal data is subject to additional protection and may require stronger governance to process than regular personal data.
It’s important to consider that customers will now have control over the portability of their data. Think of that as the possibility for your customer to give the data you have collected to a competitor. Knowing what constitutes personal data and how the GDPR will affect your operations is critical to anyone doing business on a global basis. It will no longer be as simple as securing and tracking this data; how it’s managed or “processed” will be extremely important. Keep in mind that the fines for noncompliance could be high for companies outside the EU that are using EU citizens’ personal data.
Check out the first blog post in this series for a basic overview of this new regulation. To read more about the impending effects of the GDPR, follow along. My next post will discuss how you can leverage the GDPR as a business opportunity.
And be sure to check out my recent video panel discussion about GDPR with Disruptive Live.
This blog is not intended to constitute legal advice. Readers should consult with their own legal counsel regarding compliance with GDPR and other laws and regulations applicable to their particular situation and intended use of any Hortonworks products and services. Hortonworks makes no warranties, express, implied, or statutory, as to the information in this blog.