The EU's General Data Protection Regulation (GDPR) puts significant restrictions on the automated processing of personal data. Data subjects, under the regulation, must give explicit consent for most processing to take place and can withdraw consent at any time. For organizations that depend heavily on this type of data processing as a business model, building trust with consumers and data subjects will increasingly become a competitive advantage, as trust acts as the facilitator for consent.
Consent is ultimate gatekeeper of data-processing activities
Many organizations depend extensively on the automated processing of personal data (data profiling), which is stringently regulated under GDPR. The new rules place a premium on the consent given by data subjects and consumers, making it easier than ever for these individuals to deny the use of their data. Under the new regulation, explicit consent is necessary; "silence, pre-ticked boxes, or inactivity" do not constitute consent, making the common "opt-out" methodology noncompliant. Furthermore, consent must be freely given, and consent is not regarded as such if the data subject is "unable to refuse or withdraw consent without detriment." This combination of attributes, by design, gives consumers immense power over the processing of their data and the ability to withhold it for processing purposes, leaving explicit consent as the gatekeeper that allows data to be processed and leveraged by organizations. Under GDPR, businesses that once were dependent on data processing are now, first and foremost, critically dependent on data subject consent.
This means that the process of obtaining data subject consent will be a new competitive battleground under GDPR. Obtaining this consent will largely need to be done through campaigns to build trust with consumers and data subjects: making consumer and employee trust a key business differentiator for organizations that rely on the processing of data. Consumers and data subjects that do not trust organizations to process their data ethically will not give consent; they have simple means to deny it. The choice is clear: build trust with your data subjects, or face rebuilding your business model.
Trust, in nearly every business context, is a key factor in building long-term symbiotic relationships. Businesses that can today build the most trust with their customers will gain a competitive advantage by ultimately securing access to more data than their peers. But with great power comes great responsibility. Trust cannot just be a marketing campaign; it needs to be a business philosophy. Building trust will require building best practices for data, adhering to stringent data governance practices, implementing tight data security, and even publicly stating the company's ethical commitments for data. Clarity and transparency is key, and those that convey their message most concisely will likely be the winners in the fight to obtain consent to process data.
EU's General Data Protection Regulation (GDPR) to have Greater Impacts on Enterprises, IT0018-001525 (April 2017)
Personal Data and the Big Trust Opportunity, TE004-000756 (February 2014)
"For GDPR compliance, documentation is just as important as execution," IT0014-003271 (May 2017)
Paige Bartley, Senior Analyst, Information Management