Sheila Dean


GDPR can be the bottom-up solution fit for a top-down governing world

Companies can use GDPR as an opportunity to graduate US environments for comprehensive data protections

GDPR is creating crankiness among privacy compliance probates, lawyers, and data regulators. It’s a holistic and vigilant program with provisions for human and individual rights.  If you adopt it with the right attitude, applying EU protective processes to US data holdings, consumers will sigh with greater relief and they may begin to trust you again.   

If you treat Europe’s consumers with more protections than your own domestic customers, it will become a source of national shame. It would be like upgrading internal privacy plumbing for a foreign business sector, while leaving your own countrymen to use a wooden shed covering an outhouse open sewer pit. People will know you had the ability to make American networks private alongside Europe’s. If you refused because you preferred a more cavalier position toward your US customers’ privacy, people will know that too. Data protection is not just for Europe.

GDPR is not simple checklist compliance you can just shove onto an irritable HR corporate bureaucrat. Companies can automate up to 70% of processes, but now they have to really know the differences between data mapping and data inventory. They have to mind consumer wishes when it comes to data removal demands. They have to comply with global regulators or face real penalties. They have to grow and continually improve privacy.

GDPR is an excuse to move in a holistic direction for consumer privacy by May of 2018. Don’t waste an opportunity to adopt comprehensive data protection.  Get your budget and staffing in place to accommodate the changes.  

INTERNAL THREAT LANDSCAPES

Negligence is a vast source of case studies in business failure. Computing never really was a source of privacy. However, if you exhibit open contempt for privacy, manifested as negligence, it is not just consumers who are watching. Your investors are watching. The dark web is watching too. They know your business process team is lazy and entitled. They will start penetration tasks on your networks. Before you know it, your whole business is in a place of crisis.

If you hear your global privacy-security lead complaining about the human rights initiative in GDPR, please schedule an exit interview for them before they become a liability. They are irritated because they have to change 20 years of corruptible and insecure business process. If they need more help to make the jump, invest to develop privacy resources now. Hire people who value protections for the source of your business: your customer.

Don’t allow your hard work to go down the toilet because you had some internal gears with an impoverished attitude towards your customer. Your brand will look muddy and irresponsible. You bear the consequences if you gather and move personal data.  If you can’t do it right, get out of the data business.

GDPR forces the long view, pulling together patchy, inconsistent, and gap-addled processes from the sectoral models into a comprehensive, unified, scope-directed framework. General Counsels who simply call for a technical compliance treatment won’t make the cut. The disposable privacy PM will become more of a thing of the past. You will now need a dedicated team given to data protection. Your business may have process and staffing gaps. So fill them with good people, who innovate toward upcoming problems, and who are clearly motivated by data protections for the long haul.

DEVELOP PRIVSEC (or It's okay to be pro-sumer)

You can meet your own evolving need as you accept increasing risk. Become a development ground for consumer privacy solutions and staff internally. Then you can monetize your process as a point of pride. Share your guaranteed solutions. The cultivating work you do today for data protection can create a better computing environment for the world.