Over a million developers have joined DZone.

From GDPR to Customer Trust: Is Your Data Ready to Protect Customer Privacy?

DZone's Guide to

From GDPR to Customer Trust: Is Your Data Ready to Protect Customer Privacy?

With the bringing of the EU's GDPR legislation fast approaching, we take a look at a strategy that can help make sure you're prepared, like maximizing customers' trust.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Five Pillars that will Help You Chart the Best Course for Success using Talend and MapR

Is it just me, or does there somehow seem to be an eerie correlation between the quickly approaching, May 25 deadline for compliance with the General Data Protection Regulation (GDPR) and the increasing numbers of reported privacy violations, leaks, complete system failures that are capturing headlines? Coincidence...or not?

All 'conspiracy theory' aside, over the last few weeks, we've heard about Chief Security Officers, Chief Information Officers, and even CEOs losing their jobs following a data breach that exposed their customer's sensitive data to external parties. But the repercussions aren't solely limited to an individual or department. A breach of this magnitude can cost a company not only up to billions of dollars in fines but also a loss of public trust, brand deterioration, and significant loss of business. For example, take the recent Uber incident wherein the claimed 'digital native' taxi-alternative company failed to alert regulators across the world of a mass data breach that potentially put 57 million customers and drivers personal details into the hands of cybercriminals. In the UK, the cost for UBER could also be the renewal of its license in the capital with the Transport of London agency - something that will likely have a significant impact on its revenues.

Each day we're seeing concrete cases illustrating the rising costs of penalties for capturing data without customer consent, or the fact that a loss of control over personal data could have a billion dollar impact on a company's market valuation.

The impact of GDPR is huge, not only as a regulation that 'punishes' companies that fail to comply with severe penalties, but also because data subjects - i.e. any European-based citizen who is an employee, customer, visitor, or user of your company's products or services - are now understanding their new rights in the digital age and starting to ask the right questions, take the right steps and establishing blocks against companies to protect themselves. At the same time, the voice of non-European citizens is getting louder when it comes to similar privacy rights and issues.

In fact, a recent survey by Pega Systems shows that data subjects (i.e. citizens) may be more prepared for the GDPR than the companies with which they do business; i.e. 82% of European consumers plan to exercise their new rights to view, limit, or erase the information businesses collect about them. To the same extent that they leveraged their new right to be forgotten in Google since the European courts ordered the company to allow it in May 2014, data subjects are feeling empowered by their new rights, and will undoubtedly be more mindful of the personal data they share with any vendor at any time.

So, what does this mean for IT Leaders? We think there are two main things to consider:

  1. The GDPR is much more than just another compliance regulation. It's also a customer engagement issue, a call to action for establishing a system of trust when engaging with consumers - your customers - now that digital transformation has turned them into data experts. You're no longer dealing with a naïve generation of constituents.
  2. The GDPR should be perceived as a data management project. While most companies are still mistakenly asking themselves, "Are we ready for the GDPR," with a focus on the internal processes, policies, and organization, what they REALLY should be asking is: "Is our data GDPR-tested, and consumer and government approved?"

Benchmarking surveys (like IAPP/Ernst and Young, or Deloitte) are showing that the toughest challenges are related to the second question. Most GDPR initiatives get stuck in paperwork and fail to enable companies to get hands-on with the intimate details of protecting the personal data they possess. As a result, topics like consent management, data subject access rights, data portability, or right to be forgotten are not addressed. I would say this is a 'band-aid' approach to addressing the GDPR - it may be a satisfactory first step to show regulatory authorities that work is underway to sufficiently assess the risks and address any and all legal issues. However, this 'band-aid' approach will fall far short of winning customer trust, which would result in a far more costly business impact than the fines you'll likely incur from government entities.

Organizations should get hands-on with their data and make sure they address the five pillars to get their data ready for the GDPR:

  • Know their personal data by continuously maintaining a map of the personal data that flows across the organization.
  • Create data subjects a 360° view where they can collect, connect, and protect all the personal information that they intend to maintain.
  • Protect their data against leakage, misuse, and ensure data is anonymized when processed out of the scope of what legitimate interest or consent allows for.
  • Forster accountability by allowing to delegate accountabilities on personal data to the stakeholders that contribute to related data processing activities.
  • Know where the data is and when the data moves across borders while opening personal data for the right of the data subject. This is crucial to enact the rights to data access, data portability, rectification or the rights to be forgotten.

In part II of this series, we'll see how MAPR and Talend can accelerate your data privacy compliance across those five pillars.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

gdpr ,security ,data security ,data privacy

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}