GDPR: Initiate Emergency Procedure
New UK regulations, and the technology to handle them
With new pieces of legislation like GDPR, Basel III, Pripps and MiFIDII, not to mention the expected shifts resulting from Brexit, it’s a tumultuous period for UK regulative law. So, rather than adopting the brace position, let’s take a look at what is being done to manage the change.
A common theme across new regulations is a focus on personal data protection — For example, in May 2018 the Data Protection Act is set to be replaced by the General Data Protection Regulation, which dictates the definition of ‘personal data’, and controls its management. It’s privacy by design and default, putting the onus on organisations to justify what they are using.
It sounds as if such controls should already be in place, and new legislation should be obsolete, delivering a culture of consumer indifference. Diving into the technicalities of the DPA, however, reveals precisely how out of date the 1990s ruling is. At the time very few organisations had the capacity to collect and process large amounts of data regarding individuals, and digital interactions and footprints were smaller, meaning less that could be collected by trawling. Today, with adverts stalking you all over the internet, it’s crucial that you know what constitutes your data, and who you want to have access to it.
The biggest change will be a much stricter emphasis upon consent. The restrictions on data collection and use are becoming more stringent, and a pre-checked box will no longer be enough to justify the harvesting of personal information, (*ahem* we’re looking at you, Apple). There will also be much harsher punishments for data breaches, including failing to remove data once consent has been withdrawn. It’s the cup of tea model of consent, if it’s too weak you can send it right back and never hear from the heathen who put the milk in first again.
The result of this piece of regulation is part of a wider trend to deliver control over personal data back into the hands of individuals. Whether they want such control is a separate issue — consumer lethargy being a fascinating facet of the digital age — but here we are going to focus on the upcoming technology designed to help manage the changes, on both the consumer and corporation sides.
The initial consumer facing competition will be to provide a platform enabling individuals to understand, centralise, control, and trade their data. Brave is a browser attempting to do this using blockchain and their own crypto currency (Basic Attention Tokens). The limitations of the underlying technology is a potential limitation to this, and if the blockchain buzzword doesn’t get you going, there are some brilliant challengers in the space.
The HAT (Hub of All Things), for example, is doing something different. As much as the UI here is clearly still in development, the bad puns department have been allowed to run away with themselves, and I’ve yet to be offered a complimentary fedora, the work being done by this team is an interesting step towards the controlled trading of personal data.
As their website states, “The tech behind the Hub of All Things makes it possible for any app, service, or website to be built in a way that gives the individual control over their own information. With it, we can build a privacy-preserving Internet. The technology consists of seven different applications covering how to store, exchange, and transact data privately. Together, they make it possible to do whatever you want to with personal data, without violating individual privacy.”
Watch this space.
One would assume that companies would absolutely be ready for this change, and have teams of lawyers buried in the small print, identifying the possible ramifications at every level. However, a YouGov report cited in the Telegraph revealed that a mere 29% of UK businesses have started preparing for the GDPR. 38% of the decision makers surveyed said they were not aware of the new rules, and 33% thought it was not an issue for the particular sector they worked in. A further 71% were not aware of the fines they may be faced with.
Not ideal, even if you are a proponent of the argument that Brexit will mitigate the impact, as it is highly unlikely that the UK will not adopt the directive in the wake of the split.
The regularity challenge is achieve complete transparency end-to-end across their services in order to effectively embed and manage the new controls, as well as making flexibility integral to respond to future changes. Facilitating this process efficiently and without unrealistic expense is the call to arms taken up by a plethora of companies in the regtech sector.
Suade is one such company, offering a suite of tools designed to be a panacea that will cure the regulation ills of financial service organisations. It has been named as one of the 50 fintech businesses most likely to revolutionise the world of money 2016, and it will be interesting to see who joins their client list as we move towards the compliance deadlines.
Why shouldn’t I panic again?
There is still time to shape up. For companies, this is a fantastic opportunity to review your infrastructure as a whole, and determine how you intend to survive and thrive after each new piece of regulation. The trick will be to explore your options early, and build partnerships with technology specialists that can facilitate the transformation required.
For consumers, most of the changes will involve more boxes to tick, and potentially more friction in experiences with brands. It could be utterly infuriating. It could also prove to be a brilliant way to completely personalise every interaction you have, an opportunity to get on the gravy boat by monetising your data, or a chance to understand just how far your digital footprint really extends. It’s not a cause for panic, it’s a whole new world for exploration.
I’m now looking to connect with individuals and organisations scoping out trends and opportunities in this space, please get in touch or leave a note in the comments.
Yourzine is open to collaboration, either through exchanging thoughts on the impact for your business, or through discussing possible partnerships.