Grab your Arnold Schwarzenegger sunglasses because Judgement Day is here. No, I’m not talking about rogue AIs and killer cyborgs but the impact of data privacy legislation like GDPR (General Data Protection Regulation) and PoPIA (Protection of Personal Information Act). Designed to give consumers more privacy and control of their personal data, these regulations are set to bring sweeping changes to the way companies do business. And they’re just the start.
Already, we’re seeing the effect. Just look at MTN Nigeria’s $8.1 billion fine for failing to disconnect unregistered SIM cards. Earlier this year, France’s data regulator made an example of Google with a €50 million fine for failing to comply with GDPR - a quaint figure compared to the potential multibillion fine that could have occurred if the maximum penalty of 4 percent of annual global revenue had been enforced.
Alongside GDPR has been an increasing global consensus around data privacy. At the WEF in Davos, Japanese Prime Minister Shinzo Abe discussed the importance of entering an era of Data Free Flow with Trust, while Microsoft CEO Satya Nadella called for data privacy to be treated as a human right. India’s Supreme Court has ruled privacy a fundamental right, and Apple’s Tim Cook has compared it to freedom of speech in its importance.
As customer privacy becomes a more prominent issue, a more progressive approach to data privacy offers a major competitive differentiator. Recently, Cisco's 2019 Data Privacy Benchmark Study found that companies that were rated GDPR-ready were experiencing shorter sales delays, less system downtime and fewer security breaches, leading to cost benefits.
If you thought data privacy was about EULAs and unsubscribe buttons, think again. It’s one of the most compelling issues of the digital economy. As legislation like GDPR bares its teeth and consumers lose trust with each new data breach, organisations need to be asking themselves whether their data privacy strategies are up to par.
Reading from the same playbook
If you’re looking at legislation like GDPR and PoPIA and feeling overwhelmed, you’re not alone. Many organisations are in the early stages of grappling with readiness – a study from Sophos has found that only a third of local organisations are ready to comply with PoPIA.
Thankfully, there are a range of organisations out there that serve as blueprints for good data privacy practices, from government to corporate to NGOs.
In response to GDPR going live, Microsoft revealed it was redesigning its security and data protocols, unveiling a privacy dashboard that lets users control their own data and where it is used. Many financial institutions are moving towards open banking models, which give users control over their own personal data.
In just three years, Ukraine has made massive strides in using open data for accountability, innovation and social impact, fuelled by adopting the principles of the Open Data Charter. This approach is estimated to have added almost a billion dollars to the economy. The UK’s new Open Banking initiative is another example of providing consumers with a trusted route to realise the power of their own financial data. This initiative has allowed TransUnion to launch an Open Banking early adopter programme, designed to enable greater engagement of consumers and more informed lending decisions. Globally, we are seeing a trend towards open banking, shifting power from financial services companies to their clients.
The World Bank’s Mission Billion Challenge is offering cash prizes worth $100,000 for promising solutions to strengthen data privacy, empower users, enhance trust and protect personal data from misuse and breach. Tim Berners-Lee, creator of the World Wide Web, has a more ambitious goal in mind – to change the way the internet runs entirely. He’s launched Solid, a project aimed at changing the way web applications work, resulting in true data ownership and improved privacy.
These approaches may be very different on the surface, but look into them and you’ll notice common threads: a focus on informed choices and transparency, greater control for users, and an emphasis on security.
Successful data privacy models owe as much to Asimov as they do to attorneys, following a common set of principles and best practices. Get those in place - the privacy equivalent of the three laws of robotics - and suddenly you have what it takes to thrive in a data-driven society.
It’s the principle of the thing
While privacy has always been in the DNA of how we work at TransUnion, many organisations are still in the beginning stages of their journey towards privacy as a new way of working. One of the common questions we get as a business is how to choose between compliance with GDPR and compliance with PoPIA if you’re a South African business.
While PoPIA and GDPR might be the burning platform that spurs organisations to evolve their data practices, it’s important to remember that neither piece of legislation is the be-all and end-all of data privacy. As technologies like health wearables become more common, more challenges will emerge around what constitutes personal data and how best to protect it.
What this means is that bringing in a consulting firm to tick all your PoPIA boxes is not going to cut it. Greater user privacy and consent is set to become a way of life – you need to make it part of your organisational DNA rather than approach it as a one-time compliance exercise. The sooner you get ahead of that curve, the better – for your bottom line, reputation and competitiveness.