Number of words: 372<\/p>\n\n\n\n
The GDPR is different from many government regulations. Most of the time, a regulation tells a company what it cannot do. For example, don\u2019t include misleading statements in your advertisements. Or don\u2019t put asbestos in your buildings. The fundamental philosophy of a free market economy encourages business innovation, with regulation putting certain conduct off-limits but otherwise leaving companies broad freedom to experiment.<\/p>\n\n\n\n
One of the biggest features in the GDPR is in effect a privacy bill of rights. By giving consumers certain rights, it requires that companies not just avoid certain practices but create new business processes. For example, companies with personal information are required to enable consumers to access it. Customers have a right to know what information a company has about them. They have a right to change the information if it\u2019s inaccurate. They have a right to delete it under a variety of circumstances. And they have a right to move their information to another provider if they prefer.<\/p>\n\n\n\n
In important ways, the GDPR is akin to a Magna Carta for data. It represents a critical second wave of European privacy protection. The first wave came in 1995, with a privacy directive that required that websites notify consumers and get their consent before collecting and using their data. But as the internet exploded, people were inundated with privacy notices and had little time to read them. Recognizing this, Europe\u2019s GDPR required that companies give consumers the practical ability to go online to view and control all the data that had been collected from them.<\/p>\n\n\n\n
It\u2019s not surprising that its implications for technology are so sweeping. Start with the proposition that any company with millions of customers\u2014or even thousands of customers\u2014needs a defined business process to manage these new customer rights. Otherwise it will be swamped with inefficient and almost certainly incomplete work by employees to track down a customer\u2019s data. But more than that, the process needs to be automated. To comply quickly and inexpensively with the GDPR, companies need to access a customer\u2019s data in a unified way across a variety of data silos. And this requires changes to technology.<\/p>\n\n\n\n