There has been a gradual awakening among consumers over the past twelve months about how their data is held by companies. And this isn’t a bad thing. You could argue that the ownership and use of data should have been a much more vocal ingredient in the discussion around the rapid growth of cloud computing, but at least it’s starting. Now, a European ruling could take that growing awareness to the next level.
A change in the data protection law by the EU will mean that social media companies, like Facebook and Twitter, will have to change both how people access their data and see the personal information kept on them.
What is GDPR?
It’s part of the General Data Protection Regulation (GDPR), which will be law on May 25th, 2018 – just under a year’s time. Data protection principles will be implemented into the laws of the 28 nation states of the EU. The law has a dual role, to give people greater protection, but also to hand down tougher regulations on those who handle data.
Of course, it isn’t just social media companies who’ll have to take control of how they communicate their use of data. In fact, any company that holds data will have to comply with the law and prove they’re protecting the data they have and have data-processing controls in place.
The way it stands now, consumers will often sign a terms and conditions without properly reading it or quickly scrolling through. Long, detailed and with small fonts, these T&Cs don’t do much to empower the consumer. Firms will argue that consumers should take the time and the personal responsibility to read every word. But let’s be honest, they’re not exactly written in an accessible way. A shift towards infographics or displaying the information that’s much easier to digest is empowering to consumers and encourages responsibility, rather than avoiding it.
Consumers should have far greater control over the use of their data, and education is a huge part of this. For small companies there might be a fear about the cost required and the level of change needed to implement the legal shift. But using data in the best possible way and giving consumers more control is a good thing that companies should get behind.
How are businesses reacting?
A YouGov survey suggests a majority of UK companies are not adequately prepared for GDPR, with 71% unaware of the €20m fine (or 4 percent of the company’s global annual turnover) that will send them promptly out of business if they do not lawfully obey. In fact, just 29% of businesses surveyed were preparing for GDPR with issues of compliance, permissions and data storage high upon that priority list. Yet the best practice will be to go that step further and ensure that consumers and employees are empowered, understanding exactly how their data is used, stored and what they sign up to. It’s about communication, and security remains a big issue for consumers. One of the GDPR regulations will set out a three-day timescale to identify a security breach and report it.
Cloud computing has ushered in a new generation of data and the wealth of it stored by companies and brands is staggering. It’s important consumers have a greater control and understanding of how data is used and stored and it’s something companies, from social media platforms to SMEs should be supportive of.
For other related posts on GDPR, click here.