Back in January 2012, when the new EU rules were first proposed they pledged to give individuals greater control over their personal data, make businesses more accountable for that data.
They included stricter requirements for protection and penalties around data breaches and committed EU member states to a set of consistent, legally-enforced regulations and rigid definitions.
But three years is a long time in the rapidly evolving digital universe, and the proposals could be irrelevent even before they are passed. New digital marketing tools have entered the market that can capture, track, profile, target and personalise individuals more effectively than ever before. In such a complex, data-rich landscape, it will be a tough ask for businesses to seek and obtain ‘explicit consent’ from each consumer as demanded by the proposals.
Our own European research found that 88% of consumers say they now deal with so many organisations, both online and offline, that they don’t know who holds what information about them. Three quarters (72%) are not convinced that the benefits of having their information deleted are worth the bother of getting it removed.
In short, connected consumers are setting their own standards for acceptable data privacy. Studies show people are prepared to reveal more information to the organisations they trust . Companies may be better off responding to the evidence of such consumer behaviour than waiting for the legislation to be finalised before deciding how to prioritise and protect the use of personal data in their business.
The new rules focus on the use of personal data in research, and need for ‘anonymising’ such data. Furthermore, they aim to ensure that definitions for things such as ‘data consent’, ‘data portability’, the ‘right to erasure’ and ‘data breach notification’ are universally agreed, understood and implemented.
We recently has published an advisory paper that we hope will help organisations to grasp the full implications of the new regulation and understand why they matter. Not just in 2016 when they are finally agreed upon and implemented; but right here, right now.
Sue Trombley is managing director in professional services at Iron Mountain