SlideShare a Scribd company logo

[REPORT PREVIEW] GDPR Beyond May 25, 2018

To download the full report, visit: bit.ly/altimeter-GDPR-strategy

1 of 9
Download to read offline
RESEARCH REPORT
GDPR Beyond
May 25, 2018
Implications for Strategists
and Marketers
FEBRUARY 6, 2018
BY SUSAN ETLINGER
PREVIEW VERSION
1
Table of Contents
2			 Executive Summary
3			 Introduction	
5			 What is the GDPR?	
8			 Opportunities for Global Business
12			 Recommendations
14	 	 Endnotes	
15			 Methodology
15			 About Us
16			 How to Work With Us
2
Executive Summary
On May 25, 2018, the European Union’s General Data Protection Regulation
(GDPR) will go into effect. It will harmonize existing data protection laws
in the European Union (EU), but, as importantly, it will fundamentally
strengthen the rights of people in the EU to control their personal data.
There is no question that the potential impact of GDPR is massive, and much
is still unknown. What is clear is that it will trigger profound changes within
organizations of all kinds that collect data from people in the EU, requiring
alterations in process, technology, delivery, and design of products and
services, communication, and organizational structure, among many other
things. But while GDPR represents a significant disruption to business
operations in the short term, it also represents a strategic opportunity in the
longer term.
This report is not a “how to” for GDPR compliance. Rather, it lays out the
strategic opportunities that come from more transparent and trustworthy
interactions between individuals and organizations: product, service, and
business model innovation; customer experience and loyalty; operations;
brand reputation; and competitive positioning.
 
3
Introduction
One fact increasingly affects us: We live in a data-rich world. As IBM famously stated:
“Ninety percent of the data in the world was created in the past two years alone,” and
that time span is narrowing.1 While technology access remains uneven, the availability
of increasingly personal data — gathered by sensors, social media posts, images, mobile
phones, websites, closed circuit TV, videos, and transaction records, among others —
challenges established notions of privacy rights.
The discussion of the individual’s right to privacy has been particularly intense in the
EU, where data protection has been a high priority for years. The focus has been to find
a way to restore control of personal data to the individual, improve transparency, and
fundamentally change the way organizations approach data collection and use.
On April 14, 2016, the EU Parliament approved the GDPR as a single, legal standard across
the EU “to make Europe fit for the digital age.” More than 90% of Europeans say they want
the same data protection rights across the EU – and regardless of where their data is
processed.2 The new law goes into effect on May 25, 2018.
GDPR will trigger fundamental changes to all organizations, no matter their location,
that collect data from people in the EU. For this reason, it is a mistake to view it simply as
an “EU issue,” an obscure regulation or a compliance exercise handled by a team with a
checklist. The breadth and depth of changes demanded by GDPR is vast and could well
influence how global companies treat personal data for many years to come.
4
There is no question that GDPR calls for changes in data collection and processing
that significantly disrupt organizations. Some question whether the breach notification
deadline of 72 hours is even possible given the complexity of corporate database
structures and information technology environments. Data access regulations are also
challenging, as extracting and exporting all personal data from apps and systems in an
accessible format is no easy task.
But as challenging as GDPR may be for the groups working on complying with the
regulation, it also represents an opportunity: to develop new data-centric and compliant
products, services, and business models and reset trust with customers, clients,
consumers, and the general public.
FIGURE 1:
MOST CONCERNING ISSUES ABOUT ONLINE USAGE ACCORDING TO INTERNET USERS IN THE UNITED STATES AS OF
MAY 2017 (SOURCE: STATISTA)
Cyber crime such as having your
money or personal information
stolen online
Cyber attacks via internet to disrupt
life in th U.S. ( e.g. online theft & of
classified info, disrupting services)
Fake news stories and propaganda on
social media
Companies collecting and sharing
your personal data online with
other organizations
Online survelliance of U.S. citizens by
U.S. government
Children accessing online content of
an inappropriate nature
Hurtful or personal things about you
being posted online
None of the above
Don’t know
59%
49%
31%
30%
26%
23%
7%
4%
11%
0%	 10%	 20%	 30%	 40%	 50% 60%	 70%
Share of respondents
But there are reasons beyond compliance that organizations should consider in the wake
of GDPR. In the United States (US), at least three of Internet users’ top 10 concerns relate
to the way companies and governments use their personal data (Figure 1). While cyber
crime and cyber attacks appear to be the most salient worries, 30% of U.S. Internet users
are concerned about “companies collecting and sharing your data.”
SOURCE: Statista
5
What Is the GDPR?
The GDPR is comprehensive regulation that governs the way all organizations may use
the personal data of people in the EU. It is rooted in a series of historic and regulatory
events, including the Organisation for Economic Co-operation and Development (OECD)
Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, which
is “a set of recommendations endorsed by the EU and the U.S. that set out to protect
personal data and the fundamental human right of privacy.” 3
Overall, the regulation is intended to harmonize existing EU privacy laws across Europe
and return control of personal data to the individual — who the regulation refers to as
the “data subject.” Understandably, a key question for many is the effect on the United
Kingdom (UK) post-Brexit — an issue that is and will continue to be addressed by the EU
and the UK Information Commissioner’s Office (ICO).4
KEY CHANGES OF THE GDPR
The GDPR contains ninety-nine articles that detail the specific rights of individuals and
the responsibilities of the organizations that collect and/or process their data.5 The EU
also has laid out the key changes to previous European privacy legislation that focus on
the following areas:
• Territorial Scope,
• Penalties,
• Consent, and
• Rights of the Data Subject.
The following is a digest of the key changes in the GDPR. It is not intended to replace a
thorough reading of the text. To review the complete text, visit the the EU Protection of
Personal Data site. Compliance checklists for data controllers and data processors are
available on the ICO website.
TERRITORIAL SCOPE
GDPR applies to any organization that processes the personal data of someone in the
EU or UK, regardless of where the company is located. This means that any company
— whether brick-and-mortar, online, or both — with customers who live in the EU must
comply with the regulation or face stiff financial penalties.6
PENALTIES
Companies in breach of GDPR “can be fined up to 4% of annual global turnover (generally
speaking, gross revenue) or €20 million (whichever is greater)”.7
Ad

Recommended

[REPORT PREVIEW] The AI Maturity Playbook: Five Pillars of Enterprise Success
[REPORT PREVIEW] The AI Maturity Playbook: Five Pillars of Enterprise Success[REPORT PREVIEW] The AI Maturity Playbook: Five Pillars of Enterprise Success
[REPORT PREVIEW] The AI Maturity Playbook: Five Pillars of Enterprise SuccessAltimeter, a Prophet Company
 
[REPORT PREVIEW] Smart Places: The Digital Transformation of Location
[REPORT PREVIEW] Smart Places: The Digital Transformation of Location[REPORT PREVIEW] Smart Places: The Digital Transformation of Location
[REPORT PREVIEW] Smart Places: The Digital Transformation of LocationAltimeter, a Prophet Company
 
Blockchain the inception of a new database of everything by dinis guarda bloc...
Blockchain the inception of a new database of everything by dinis guarda bloc...Blockchain the inception of a new database of everything by dinis guarda bloc...
Blockchain the inception of a new database of everything by dinis guarda bloc...Dinis Guarda
 
What-Do-We-Do-with-All-This-Big-Data-Altimeter-Group
What-Do-We-Do-with-All-This-Big-Data-Altimeter-GroupWhat-Do-We-Do-with-All-This-Big-Data-Altimeter-Group
What-Do-We-Do-with-All-This-Big-Data-Altimeter-GroupSusan Etlinger
 
2010 Mobile Influencers: Trend Predictions in 140 Characters, By TrendsSpotting
2010 Mobile Influencers: Trend Predictions in 140 Characters, By TrendsSpotting2010 Mobile Influencers: Trend Predictions in 140 Characters, By TrendsSpotting
2010 Mobile Influencers: Trend Predictions in 140 Characters, By TrendsSpottingTaly Weiss
 

More Related Content

What's hot

The future of bank branches coordinating physical with digital capgemini co...
The future of bank branches coordinating physical with digital   capgemini co...The future of bank branches coordinating physical with digital   capgemini co...
The future of bank branches coordinating physical with digital capgemini co...Rick Bouter
 
Design to Disrupt - Blockchain: cryptoplatform for a frictionless economy
Design to Disrupt - Blockchain: cryptoplatform for a frictionless economyDesign to Disrupt - Blockchain: cryptoplatform for a frictionless economy
Design to Disrupt - Blockchain: cryptoplatform for a frictionless economyRick Bouter
 
The Future Shape of Digital | Chartered Institute of Marketing
The Future Shape of Digital | Chartered Institute of MarketingThe Future Shape of Digital | Chartered Institute of Marketing
The Future Shape of Digital | Chartered Institute of MarketingiStrategy
 
The upwardly mobile enterprise
The upwardly mobile enterpriseThe upwardly mobile enterprise
The upwardly mobile enterpriseIBM Software India
 
[Report] The Rise of Digital Influence, by Brian Solis
[Report] The Rise of Digital Influence, by Brian Solis[Report] The Rise of Digital Influence, by Brian Solis
[Report] The Rise of Digital Influence, by Brian SolisAltimeter, a Prophet Company
 
The Silicon Network: How Big Corporates and Digital Startups Can Create a Mor...
The Silicon Network: How Big Corporates and Digital Startups Can Create a Mor...The Silicon Network: How Big Corporates and Digital Startups Can Create a Mor...
The Silicon Network: How Big Corporates and Digital Startups Can Create a Mor...Capgemini
 
The Business Value of Trust
The Business Value of TrustThe Business Value of Trust
The Business Value of TrustCognizant
 
The Work Ahead in Banking & Financial Services: The Digital Road to Financial...
The Work Ahead in Banking & Financial Services: The Digital Road to Financial...The Work Ahead in Banking & Financial Services: The Digital Road to Financial...
The Work Ahead in Banking & Financial Services: The Digital Road to Financial...Cognizant
 
Design thinking: An approach to innovation that scales.
Design thinking:  An approach to innovation that scales. Design thinking:  An approach to innovation that scales.
Design thinking: An approach to innovation that scales. Infosys Consulting
 
A New French Revolution? Building a National Economy for the #Digital Age
A New French Revolution? Building a National Economy for the #Digital AgeA New French Revolution? Building a National Economy for the #Digital Age
A New French Revolution? Building a National Economy for the #Digital AgeCapgemini
 
Economic and Creative Disruption - Linda Yueh and Brian Solis
Economic and Creative Disruption - Linda Yueh and Brian SolisEconomic and Creative Disruption - Linda Yueh and Brian Solis
Economic and Creative Disruption - Linda Yueh and Brian SolisBrian Solis
 
Me Data - The Rising Opportunity for Self Optimization Apps
Me Data - The Rising Opportunity for Self Optimization Apps Me Data - The Rising Opportunity for Self Optimization Apps
Me Data - The Rising Opportunity for Self Optimization Apps Beyond
 
#DTR8: The New Innovation Paradigm for the Digital Age: Faster, Cheaper and O...
#DTR8: The New Innovation Paradigm for the Digital Age: Faster, Cheaper and O...#DTR8: The New Innovation Paradigm for the Digital Age: Faster, Cheaper and O...
#DTR8: The New Innovation Paradigm for the Digital Age: Faster, Cheaper and O...Capgemini
 
Taking the digital pulse why healthcare providers need an urgent digital ch...
Taking the digital pulse   why healthcare providers need an urgent digital ch...Taking the digital pulse   why healthcare providers need an urgent digital ch...
Taking the digital pulse why healthcare providers need an urgent digital ch...Rick Bouter
 
Designing Services for the Public / Service Design Drinks
Designing Services for the Public / Service Design DrinksDesigning Services for the Public / Service Design Drinks
Designing Services for the Public / Service Design DrinksService Design Berlin
 
Razorfish Liminal 2011 — Customer Engagement In Transition
Razorfish Liminal 2011 — Customer Engagement In TransitionRazorfish Liminal 2011 — Customer Engagement In Transition
Razorfish Liminal 2011 — Customer Engagement In TransitionZeb Dropkin
 
Convergence and Disruption in Manufacturing
Convergence and Disruption in ManufacturingConvergence and Disruption in Manufacturing
Convergence and Disruption in ManufacturingBooz Allen Hamilton
 
CMOs & CIOs: Aligning Marketing & IT to Elevate the Customer Experience
CMOs & CIOs: Aligning Marketing & IT to Elevate the Customer ExperienceCMOs & CIOs: Aligning Marketing & IT to Elevate the Customer Experience
CMOs & CIOs: Aligning Marketing & IT to Elevate the Customer ExperienceCognizant
 

What's hot (20)

The Rise of the Mobile Empire
The Rise of the Mobile EmpireThe Rise of the Mobile Empire
The Rise of the Mobile Empire
 
The future of bank branches coordinating physical with digital capgemini co...
The future of bank branches coordinating physical with digital   capgemini co...The future of bank branches coordinating physical with digital   capgemini co...
The future of bank branches coordinating physical with digital capgemini co...
 
Design to Disrupt - Blockchain: cryptoplatform for a frictionless economy
Design to Disrupt - Blockchain: cryptoplatform for a frictionless economyDesign to Disrupt - Blockchain: cryptoplatform for a frictionless economy
Design to Disrupt - Blockchain: cryptoplatform for a frictionless economy
 
The Future Shape of Digital | Chartered Institute of Marketing
The Future Shape of Digital | Chartered Institute of MarketingThe Future Shape of Digital | Chartered Institute of Marketing
The Future Shape of Digital | Chartered Institute of Marketing
 
The upwardly mobile enterprise
The upwardly mobile enterpriseThe upwardly mobile enterprise
The upwardly mobile enterprise
 
[Report] The Rise of Digital Influence, by Brian Solis
[Report] The Rise of Digital Influence, by Brian Solis[Report] The Rise of Digital Influence, by Brian Solis
[Report] The Rise of Digital Influence, by Brian Solis
 
The Silicon Network: How Big Corporates and Digital Startups Can Create a Mor...
The Silicon Network: How Big Corporates and Digital Startups Can Create a Mor...The Silicon Network: How Big Corporates and Digital Startups Can Create a Mor...
The Silicon Network: How Big Corporates and Digital Startups Can Create a Mor...
 
The Business Value of Trust
The Business Value of TrustThe Business Value of Trust
The Business Value of Trust
 
The Work Ahead in Banking & Financial Services: The Digital Road to Financial...
The Work Ahead in Banking & Financial Services: The Digital Road to Financial...The Work Ahead in Banking & Financial Services: The Digital Road to Financial...
The Work Ahead in Banking & Financial Services: The Digital Road to Financial...
 
Design thinking: An approach to innovation that scales.
Design thinking:  An approach to innovation that scales. Design thinking:  An approach to innovation that scales.
Design thinking: An approach to innovation that scales.
 
A New French Revolution? Building a National Economy for the #Digital Age
A New French Revolution? Building a National Economy for the #Digital AgeA New French Revolution? Building a National Economy for the #Digital Age
A New French Revolution? Building a National Economy for the #Digital Age
 
Economic and Creative Disruption - Linda Yueh and Brian Solis
Economic and Creative Disruption - Linda Yueh and Brian SolisEconomic and Creative Disruption - Linda Yueh and Brian Solis
Economic and Creative Disruption - Linda Yueh and Brian Solis
 
Me Data - The Rising Opportunity for Self Optimization Apps
Me Data - The Rising Opportunity for Self Optimization Apps Me Data - The Rising Opportunity for Self Optimization Apps
Me Data - The Rising Opportunity for Self Optimization Apps
 
#DTR8: The New Innovation Paradigm for the Digital Age: Faster, Cheaper and O...
#DTR8: The New Innovation Paradigm for the Digital Age: Faster, Cheaper and O...#DTR8: The New Innovation Paradigm for the Digital Age: Faster, Cheaper and O...
#DTR8: The New Innovation Paradigm for the Digital Age: Faster, Cheaper and O...
 
Taking the digital pulse why healthcare providers need an urgent digital ch...
Taking the digital pulse   why healthcare providers need an urgent digital ch...Taking the digital pulse   why healthcare providers need an urgent digital ch...
Taking the digital pulse why healthcare providers need an urgent digital ch...
 
Designing Services for the Public / Service Design Drinks
Designing Services for the Public / Service Design DrinksDesigning Services for the Public / Service Design Drinks
Designing Services for the Public / Service Design Drinks
 
Razorfish Liminal 2011 — Customer Engagement In Transition
Razorfish Liminal 2011 — Customer Engagement In TransitionRazorfish Liminal 2011 — Customer Engagement In Transition
Razorfish Liminal 2011 — Customer Engagement In Transition
 
Convergence and Disruption in Manufacturing
Convergence and Disruption in ManufacturingConvergence and Disruption in Manufacturing
Convergence and Disruption in Manufacturing
 
Digital Ethics
Digital EthicsDigital Ethics
Digital Ethics
 
CMOs & CIOs: Aligning Marketing & IT to Elevate the Customer Experience
CMOs & CIOs: Aligning Marketing & IT to Elevate the Customer ExperienceCMOs & CIOs: Aligning Marketing & IT to Elevate the Customer Experience
CMOs & CIOs: Aligning Marketing & IT to Elevate the Customer Experience
 

Similar to [REPORT PREVIEW] GDPR Beyond May 25, 2018

GDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookGDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookPlr-Printables
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...Symantec
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018TRA - Tax Representative Alliance
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...John Nas
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsThe Economist Media Businesses
 
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDPRunning head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDPMalikPinckney86
 
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docx
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docxRunning head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docx
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docxgemaherd
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKSally Hunt
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingJes Breslaw
 
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationThe U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationCognizant
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.Matthias Dobbelaere-Welvaert
 
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docx
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docxRunning head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docx
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docxjeanettehully
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regimeijtsrd
 
Board Priorities for GDPR Implementation
Board Priorities for GDPR ImplementationBoard Priorities for GDPR Implementation
Board Priorities for GDPR ImplementationJoseph V. Moreno
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPRTim Hyman LLB
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPRTim Hyman LLB
 

Similar to [REPORT PREVIEW] GDPR Beyond May 25, 2018 (20)

GDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookGDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e book
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
 
GDPR-Overview
GDPR-OverviewGDPR-Overview
GDPR-Overview
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
 
Data protection
Data protectionData protection
Data protection
 
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDPRunning head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP
 
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docx
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docxRunning head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docx
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docx
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UK
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-masking
 
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationThe U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.
 
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docx
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docxRunning head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docx
Running head THE IMPACT OF GDPR IN IT POLICY1THE IMPACT OF GDP.docx
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regime
 
Board Priorities for GDPR Implementation
Board Priorities for GDPR ImplementationBoard Priorities for GDPR Implementation
Board Priorities for GDPR Implementation
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 
Fasten Your Belts for GDPR
Fasten Your Belts for GDPRFasten Your Belts for GDPR
Fasten Your Belts for GDPR
 

More from Altimeter, a Prophet Company

[REPORT PREVIEW] Employee Adoption of Collaboration Tools in 2018
[REPORT PREVIEW] Employee Adoption of Collaboration Tools in 2018[REPORT PREVIEW] Employee Adoption of Collaboration Tools in 2018
[REPORT PREVIEW] Employee Adoption of Collaboration Tools in 2018Altimeter, a Prophet Company
 
Experience Strategy: Connecting Customer Experience to Business Strategy [REP...
Experience Strategy: Connecting Customer Experience to Business Strategy [REP...Experience Strategy: Connecting Customer Experience to Business Strategy [REP...
Experience Strategy: Connecting Customer Experience to Business Strategy [REP...Altimeter, a Prophet Company
 
[RESEARCH REPORT PREVIEW] Creating a Customer-First Web Experience
[RESEARCH REPORT PREVIEW] Creating a Customer-First Web Experience[RESEARCH REPORT PREVIEW] Creating a Customer-First Web Experience
[RESEARCH REPORT PREVIEW] Creating a Customer-First Web ExperienceAltimeter, a Prophet Company
 
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...Altimeter, a Prophet Company
 
[RESEARCH REPORT] The 2016 State of Digital Transformation
[RESEARCH REPORT] The 2016 State of Digital Transformation[RESEARCH REPORT] The 2016 State of Digital Transformation
[RESEARCH REPORT] The 2016 State of Digital TransformationAltimeter, a Prophet Company
 
Social Employee Advocacy: Tapping into the Power of an Engaged Social Workforce
Social Employee Advocacy: Tapping into the Power of an Engaged Social WorkforceSocial Employee Advocacy: Tapping into the Power of an Engaged Social Workforce
Social Employee Advocacy: Tapping into the Power of an Engaged Social WorkforceAltimeter, a Prophet Company
 
The OPPOSITE FRAMEWORK: 8 Success Factors for Digital Transformation
The OPPOSITE FRAMEWORK: 8 Success Factors for Digital TransformationThe OPPOSITE FRAMEWORK: 8 Success Factors for Digital Transformation
The OPPOSITE FRAMEWORK: 8 Success Factors for Digital TransformationAltimeter, a Prophet Company
 
The Future of Music: What Every Business Can Learn From The State of The Musi...
The Future of Music: What Every Business Can Learn From The State of The Musi...The Future of Music: What Every Business Can Learn From The State of The Musi...
The Future of Music: What Every Business Can Learn From The State of The Musi...Altimeter, a Prophet Company
 
[Report] Consumer Perceptions of Privacy in the Internet of Things
[Report] Consumer Perceptions of Privacy in the Internet of Things[Report] Consumer Perceptions of Privacy in the Internet of Things
[Report] Consumer Perceptions of Privacy in the Internet of ThingsAltimeter, a Prophet Company
 

More from Altimeter, a Prophet Company (20)

[REPORT PREVIEW] Employee Adoption of Collaboration Tools in 2018
[REPORT PREVIEW] Employee Adoption of Collaboration Tools in 2018[REPORT PREVIEW] Employee Adoption of Collaboration Tools in 2018
[REPORT PREVIEW] Employee Adoption of Collaboration Tools in 2018
 
[REPORT PREVIEW] The Customer Experience of AI
[REPORT PREVIEW] The Customer Experience of AI[REPORT PREVIEW] The Customer Experience of AI
[REPORT PREVIEW] The Customer Experience of AI
 
Experience Strategy: Connecting Customer Experience to Business Strategy [REP...
Experience Strategy: Connecting Customer Experience to Business Strategy [REP...Experience Strategy: Connecting Customer Experience to Business Strategy [REP...
Experience Strategy: Connecting Customer Experience to Business Strategy [REP...
 
The Conversational Business [REPORT PREVIEW]
The Conversational Business [REPORT PREVIEW]The Conversational Business [REPORT PREVIEW]
The Conversational Business [REPORT PREVIEW]
 
[RESEARCH REPORT PREVIEW] Creating a Customer-First Web Experience
[RESEARCH REPORT PREVIEW] Creating a Customer-First Web Experience[RESEARCH REPORT PREVIEW] Creating a Customer-First Web Experience
[RESEARCH REPORT PREVIEW] Creating a Customer-First Web Experience
 
[REPORT PREVIEW] The Transformation of Selling
[REPORT PREVIEW] The Transformation of Selling[REPORT PREVIEW] The Transformation of Selling
[REPORT PREVIEW] The Transformation of Selling
 
[REPORT PREVIEW] The Age of AI
[REPORT PREVIEW] The Age of AI[REPORT PREVIEW] The Age of AI
[REPORT PREVIEW] The Age of AI
 
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
The Race to 2021: The State of Autonomous Vehicles and a "Who's Who" of Indus...
 
The 2016 State of Social Business
The 2016 State of Social BusinessThe 2016 State of Social Business
The 2016 State of Social Business
 
The 2016 State of Digital Content
The 2016 State of Digital ContentThe 2016 State of Digital Content
The 2016 State of Digital Content
 
Crafting a Digital Strategy
Crafting a Digital StrategyCrafting a Digital Strategy
Crafting a Digital Strategy
 
[RESEARCH REPORT] The 2016 State of Digital Transformation
[RESEARCH REPORT] The 2016 State of Digital Transformation[RESEARCH REPORT] The 2016 State of Digital Transformation
[RESEARCH REPORT] The 2016 State of Digital Transformation
 
[NEW RESEARCH] Crafting A Digital Strategy
[NEW RESEARCH] Crafting A Digital Strategy[NEW RESEARCH] Crafting A Digital Strategy
[NEW RESEARCH] Crafting A Digital Strategy
 
The Six Stages of Digital Transformation
The Six Stages of Digital TransformationThe Six Stages of Digital Transformation
The Six Stages of Digital Transformation
 
Social Employee Advocacy: Tapping into the Power of an Engaged Social Workforce
Social Employee Advocacy: Tapping into the Power of an Engaged Social WorkforceSocial Employee Advocacy: Tapping into the Power of an Engaged Social Workforce
Social Employee Advocacy: Tapping into the Power of an Engaged Social Workforce
 
[NEW RESEARCH] Social Media Employee Advocacy
[NEW RESEARCH] Social Media Employee Advocacy [NEW RESEARCH] Social Media Employee Advocacy
[NEW RESEARCH] Social Media Employee Advocacy
 
The OPPOSITE FRAMEWORK: 8 Success Factors for Digital Transformation
The OPPOSITE FRAMEWORK: 8 Success Factors for Digital TransformationThe OPPOSITE FRAMEWORK: 8 Success Factors for Digital Transformation
The OPPOSITE FRAMEWORK: 8 Success Factors for Digital Transformation
 
The Future of Music: What Every Business Can Learn From The State of The Musi...
The Future of Music: What Every Business Can Learn From The State of The Musi...The Future of Music: What Every Business Can Learn From The State of The Musi...
The Future of Music: What Every Business Can Learn From The State of The Musi...
 
[INFOGRAPHIC] 2015 State of Social Business
[INFOGRAPHIC] 2015 State of Social Business[INFOGRAPHIC] 2015 State of Social Business
[INFOGRAPHIC] 2015 State of Social Business
 
[Report] Consumer Perceptions of Privacy in the Internet of Things
[Report] Consumer Perceptions of Privacy in the Internet of Things[Report] Consumer Perceptions of Privacy in the Internet of Things
[Report] Consumer Perceptions of Privacy in the Internet of Things
 

Recently uploaded

General Mills Presentation at CAGNY 2024
General Mills Presentation at CAGNY 2024General Mills Presentation at CAGNY 2024
General Mills Presentation at CAGNY 2024Neil Kimberley
 
Diageo Strategy Presentation made in February 2024 CAGNY
Diageo Strategy Presentation made in February 2024 CAGNYDiageo Strategy Presentation made in February 2024 CAGNY
Diageo Strategy Presentation made in February 2024 CAGNYNeil Kimberley
 
publicpolicy-130621235359-phpapp02 2.pdf
publicpolicy-130621235359-phpapp02 2.pdfpublicpolicy-130621235359-phpapp02 2.pdf
publicpolicy-130621235359-phpapp02 2.pdfmmople
 
Kraft Heinz Presentation at the 2024 CAGNY.pdf
Kraft Heinz Presentation at the 2024 CAGNY.pdfKraft Heinz Presentation at the 2024 CAGNY.pdf
Kraft Heinz Presentation at the 2024 CAGNY.pdfNeil Kimberley
 
Questions to Answer to Prepare for Zero Budget Marketing .docx
Questions to Answer to Prepare for Zero Budget Marketing .docxQuestions to Answer to Prepare for Zero Budget Marketing .docx
Questions to Answer to Prepare for Zero Budget Marketing .docxPrecious Mvulane CA (SA),RA
 
Zero Budget Marketing Strategy with KPIs for a Cleaning Detergent Training ...
Zero Budget Marketing  Strategy with KPIs for a Cleaning Detergent  Training ...Zero Budget Marketing  Strategy with KPIs for a Cleaning Detergent  Training ...
Zero Budget Marketing Strategy with KPIs for a Cleaning Detergent Training ...Precious Mvulane CA (SA),RA
 
02.20 Webinar - Online Giving Trends.pdf
02.20 Webinar - Online Giving Trends.pdf02.20 Webinar - Online Giving Trends.pdf
02.20 Webinar - Online Giving Trends.pdfBloomerang
 
Decoding Generative AI-AI Playbook for Marketing Students_UPower DUGA_Supavad...
Decoding Generative AI-AI Playbook for Marketing Students_UPower DUGA_Supavad...Decoding Generative AI-AI Playbook for Marketing Students_UPower DUGA_Supavad...
Decoding Generative AI-AI Playbook for Marketing Students_UPower DUGA_Supavad...Supavadee(Noi) Tantiyanon
 
Sample Competitors' SWOT Analysis for your SEO Strategy
Sample Competitors' SWOT Analysis for your SEO StrategySample Competitors' SWOT Analysis for your SEO Strategy
Sample Competitors' SWOT Analysis for your SEO StrategyRemar Barquilla
 
Hershey Presentation at 2024 CAGY Conference
Hershey Presentation at 2024 CAGY ConferenceHershey Presentation at 2024 CAGY Conference
Hershey Presentation at 2024 CAGY ConferenceNeil Kimberley
 
Actionable Fundraising Planning - Slide Presentation.pptx.pdf
Actionable Fundraising Planning - Slide Presentation.pptx.pdfActionable Fundraising Planning - Slide Presentation.pptx.pdf
Actionable Fundraising Planning - Slide Presentation.pptx.pdfBloomerang
 
HPM Panther (Captan 50% WP) Presentation
HPM Panther (Captan 50% WP) PresentationHPM Panther (Captan 50% WP) Presentation
HPM Panther (Captan 50% WP) PresentationHpm India
 
ZEOTAR EV Prince Team English Presentation
ZEOTAR EV Prince Team English PresentationZEOTAR EV Prince Team English Presentation
ZEOTAR EV Prince Team English PresentationKings Reddys
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
EAPJ Vol VIII February 2024.pdf
EAPJ Vol VIII February 2024.pdfEAPJ Vol VIII February 2024.pdf
EAPJ Vol VIII February 2024.pdfDarryl_Carr
 
Research Showcase 2024 final presentation slides
Research Showcase 2024 final presentation slidesResearch Showcase 2024 final presentation slides
Research Showcase 2024 final presentation slidesenterpriseresearchcentre
 

Recently uploaded (20)

Polyene General Industries Private Limited
Polyene General Industries Private LimitedPolyene General Industries Private Limited
Polyene General Industries Private Limited
 
General Mills Presentation at CAGNY 2024
General Mills Presentation at CAGNY 2024General Mills Presentation at CAGNY 2024
General Mills Presentation at CAGNY 2024
 
Diageo Strategy Presentation made in February 2024 CAGNY
Diageo Strategy Presentation made in February 2024 CAGNYDiageo Strategy Presentation made in February 2024 CAGNY
Diageo Strategy Presentation made in February 2024 CAGNY
 
Charlie Caldwell - Living Smart with AI.pdf
Charlie Caldwell - Living Smart with AI.pdfCharlie Caldwell - Living Smart with AI.pdf
Charlie Caldwell - Living Smart with AI.pdf
 
Carol Scott - How to Thrive in the AI Era.pdf
Carol Scott - How to Thrive in the AI Era.pdfCarol Scott - How to Thrive in the AI Era.pdf
Carol Scott - How to Thrive in the AI Era.pdf
 
publicpolicy-130621235359-phpapp02 2.pdf
publicpolicy-130621235359-phpapp02 2.pdfpublicpolicy-130621235359-phpapp02 2.pdf
publicpolicy-130621235359-phpapp02 2.pdf
 
Bryan_Cassady - AI Powered Innovation.pdf
Bryan_Cassady - AI Powered Innovation.pdfBryan_Cassady - AI Powered Innovation.pdf
Bryan_Cassady - AI Powered Innovation.pdf
 
Kraft Heinz Presentation at the 2024 CAGNY.pdf
Kraft Heinz Presentation at the 2024 CAGNY.pdfKraft Heinz Presentation at the 2024 CAGNY.pdf
Kraft Heinz Presentation at the 2024 CAGNY.pdf
 
Questions to Answer to Prepare for Zero Budget Marketing .docx
Questions to Answer to Prepare for Zero Budget Marketing .docxQuestions to Answer to Prepare for Zero Budget Marketing .docx
Questions to Answer to Prepare for Zero Budget Marketing .docx
 
Zero Budget Marketing Strategy with KPIs for a Cleaning Detergent Training ...
Zero Budget Marketing  Strategy with KPIs for a Cleaning Detergent  Training ...Zero Budget Marketing  Strategy with KPIs for a Cleaning Detergent  Training ...
Zero Budget Marketing Strategy with KPIs for a Cleaning Detergent Training ...
 
02.20 Webinar - Online Giving Trends.pdf
02.20 Webinar - Online Giving Trends.pdf02.20 Webinar - Online Giving Trends.pdf
02.20 Webinar - Online Giving Trends.pdf
 
Decoding Generative AI-AI Playbook for Marketing Students_UPower DUGA_Supavad...
Decoding Generative AI-AI Playbook for Marketing Students_UPower DUGA_Supavad...Decoding Generative AI-AI Playbook for Marketing Students_UPower DUGA_Supavad...
Decoding Generative AI-AI Playbook for Marketing Students_UPower DUGA_Supavad...
 
Sample Competitors' SWOT Analysis for your SEO Strategy
Sample Competitors' SWOT Analysis for your SEO StrategySample Competitors' SWOT Analysis for your SEO Strategy
Sample Competitors' SWOT Analysis for your SEO Strategy
 
Hershey Presentation at 2024 CAGY Conference
Hershey Presentation at 2024 CAGY ConferenceHershey Presentation at 2024 CAGY Conference
Hershey Presentation at 2024 CAGY Conference
 
Actionable Fundraising Planning - Slide Presentation.pptx.pdf
Actionable Fundraising Planning - Slide Presentation.pptx.pdfActionable Fundraising Planning - Slide Presentation.pptx.pdf
Actionable Fundraising Planning - Slide Presentation.pptx.pdf
 
HPM Panther (Captan 50% WP) Presentation
HPM Panther (Captan 50% WP) PresentationHPM Panther (Captan 50% WP) Presentation
HPM Panther (Captan 50% WP) Presentation
 
ZEOTAR EV Prince Team English Presentation
ZEOTAR EV Prince Team English PresentationZEOTAR EV Prince Team English Presentation
ZEOTAR EV Prince Team English Presentation
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
EAPJ Vol VIII February 2024.pdf
EAPJ Vol VIII February 2024.pdfEAPJ Vol VIII February 2024.pdf
EAPJ Vol VIII February 2024.pdf
 
Research Showcase 2024 final presentation slides
Research Showcase 2024 final presentation slidesResearch Showcase 2024 final presentation slides
Research Showcase 2024 final presentation slides
 

[REPORT PREVIEW] GDPR Beyond May 25, 2018

  • 1. RESEARCH REPORT GDPR Beyond May 25, 2018 Implications for Strategists and Marketers FEBRUARY 6, 2018 BY SUSAN ETLINGER PREVIEW VERSION
  • 2. 1 Table of Contents 2 Executive Summary 3 Introduction 5 What is the GDPR? 8 Opportunities for Global Business 12 Recommendations 14 Endnotes 15 Methodology 15 About Us 16 How to Work With Us
  • 3. 2 Executive Summary On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will go into effect. It will harmonize existing data protection laws in the European Union (EU), but, as importantly, it will fundamentally strengthen the rights of people in the EU to control their personal data. There is no question that the potential impact of GDPR is massive, and much is still unknown. What is clear is that it will trigger profound changes within organizations of all kinds that collect data from people in the EU, requiring alterations in process, technology, delivery, and design of products and services, communication, and organizational structure, among many other things. But while GDPR represents a significant disruption to business operations in the short term, it also represents a strategic opportunity in the longer term. This report is not a “how to” for GDPR compliance. Rather, it lays out the strategic opportunities that come from more transparent and trustworthy interactions between individuals and organizations: product, service, and business model innovation; customer experience and loyalty; operations; brand reputation; and competitive positioning.  
  • 4. 3 Introduction One fact increasingly affects us: We live in a data-rich world. As IBM famously stated: “Ninety percent of the data in the world was created in the past two years alone,” and that time span is narrowing.1 While technology access remains uneven, the availability of increasingly personal data — gathered by sensors, social media posts, images, mobile phones, websites, closed circuit TV, videos, and transaction records, among others — challenges established notions of privacy rights. The discussion of the individual’s right to privacy has been particularly intense in the EU, where data protection has been a high priority for years. The focus has been to find a way to restore control of personal data to the individual, improve transparency, and fundamentally change the way organizations approach data collection and use. On April 14, 2016, the EU Parliament approved the GDPR as a single, legal standard across the EU “to make Europe fit for the digital age.” More than 90% of Europeans say they want the same data protection rights across the EU – and regardless of where their data is processed.2 The new law goes into effect on May 25, 2018. GDPR will trigger fundamental changes to all organizations, no matter their location, that collect data from people in the EU. For this reason, it is a mistake to view it simply as an “EU issue,” an obscure regulation or a compliance exercise handled by a team with a checklist. The breadth and depth of changes demanded by GDPR is vast and could well influence how global companies treat personal data for many years to come.
  • 5. 4 There is no question that GDPR calls for changes in data collection and processing that significantly disrupt organizations. Some question whether the breach notification deadline of 72 hours is even possible given the complexity of corporate database structures and information technology environments. Data access regulations are also challenging, as extracting and exporting all personal data from apps and systems in an accessible format is no easy task. But as challenging as GDPR may be for the groups working on complying with the regulation, it also represents an opportunity: to develop new data-centric and compliant products, services, and business models and reset trust with customers, clients, consumers, and the general public. FIGURE 1: MOST CONCERNING ISSUES ABOUT ONLINE USAGE ACCORDING TO INTERNET USERS IN THE UNITED STATES AS OF MAY 2017 (SOURCE: STATISTA) Cyber crime such as having your money or personal information stolen online Cyber attacks via internet to disrupt life in th U.S. ( e.g. online theft & of classified info, disrupting services) Fake news stories and propaganda on social media Companies collecting and sharing your personal data online with other organizations Online survelliance of U.S. citizens by U.S. government Children accessing online content of an inappropriate nature Hurtful or personal things about you being posted online None of the above Don’t know 59% 49% 31% 30% 26% 23% 7% 4% 11% 0% 10% 20% 30% 40% 50% 60% 70% Share of respondents But there are reasons beyond compliance that organizations should consider in the wake of GDPR. In the United States (US), at least three of Internet users’ top 10 concerns relate to the way companies and governments use their personal data (Figure 1). While cyber crime and cyber attacks appear to be the most salient worries, 30% of U.S. Internet users are concerned about “companies collecting and sharing your data.” SOURCE: Statista
  • 6. 5 What Is the GDPR? The GDPR is comprehensive regulation that governs the way all organizations may use the personal data of people in the EU. It is rooted in a series of historic and regulatory events, including the Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, which is “a set of recommendations endorsed by the EU and the U.S. that set out to protect personal data and the fundamental human right of privacy.” 3 Overall, the regulation is intended to harmonize existing EU privacy laws across Europe and return control of personal data to the individual — who the regulation refers to as the “data subject.” Understandably, a key question for many is the effect on the United Kingdom (UK) post-Brexit — an issue that is and will continue to be addressed by the EU and the UK Information Commissioner’s Office (ICO).4 KEY CHANGES OF THE GDPR The GDPR contains ninety-nine articles that detail the specific rights of individuals and the responsibilities of the organizations that collect and/or process their data.5 The EU also has laid out the key changes to previous European privacy legislation that focus on the following areas: • Territorial Scope, • Penalties, • Consent, and • Rights of the Data Subject. The following is a digest of the key changes in the GDPR. It is not intended to replace a thorough reading of the text. To review the complete text, visit the the EU Protection of Personal Data site. Compliance checklists for data controllers and data processors are available on the ICO website. TERRITORIAL SCOPE GDPR applies to any organization that processes the personal data of someone in the EU or UK, regardless of where the company is located. This means that any company — whether brick-and-mortar, online, or both — with customers who live in the EU must comply with the regulation or face stiff financial penalties.6 PENALTIES Companies in breach of GDPR “can be fined up to 4% of annual global turnover (generally speaking, gross revenue) or €20 million (whichever is greater)”.7
  • 7. 6 CONSENT The GDPR provisions for consent focus on a number of issues related to personal data, including: 1. How companies request it; 2. How and with what language and context it is granted, and 3. The ease of withdrawing consent — the right to be forgotten. In all cases, the language used must be clear and plain (not dense and legalistic), the purpose for requesting the data must be clear, and the consent for using the data must be distinct from other topics. RIGHTS OF THE DATA SUBJECT GDPR primarily concerns itself with three key principles: how organizations request and manage consent, how they manage the use of and secure the data, and the organizational oversight needed to protect the “data subject” (Figure 2). “The US Guide to Getting Consent”, published by the International Association of Privacy Professionals, is an excellent resource to better understand the nuances and user experience issues related to notice and consent.8 PRINCIPLES GOVERNING CONSENT • Clear, Specific Purpose • Plain Language • Easy to Withdraw Consent PRINCIPLES GOVERNING DATA USE • Right to Access Data • Right to Explanation • Right to Transfer Data (Data Portability) • Right to Object to Data Profiling • Right to Be Forgotten • Breach Notification ORGANIZATIONAL RESPONSIBILITY • Privacy by Design • Data Protection Officers PERSON (aka The “Data Subject”) FIGURE 2: RIGHTS OF THE DATA SUBJECT
  • 8. 7 People in the EU are empowered by the following rights: 1. Breach Notification. Governs the processes and timing for organizations to notify relevant parties about a data breach. 2. Right to Access. Expands the rights of individuals to access their data, understand where and for what purpose it is being processed, and receive a digital copy if they request it. 3. Right to Explanation. Automated decision-making is another important aspect of GDPR. Articles 13-15 provide rights to “meaningful information about the logic involved” in automated decisions. As argued by Andrew D. Selbst and Julia Powles, “This is a right to explanation, whether one uses the phrase or not.” 9 4. Right to Be Forgotten. Entitles people to have their personal data erased, cease further dissemination of it, and potentially have third parties halt processing of the data as well 5. Right to Object (to Data Profiling). Grants people the right to object to having their personal data used to evaluate or profile them with regard to “aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.” 10 6. Data Portability. Enables people to receive the personal data concerning them that they have previously provided in a “commonly used and machine readable format” and have the right to “transmit that data to another organization.” 7. Privacy by Design (and by Default). Requires organizations’ data controllers to follow privacy-by-design principles, including using the minimum amount of data possible and limiting access to personal data. 11 8. Data-Protection Officers. Requires organizations to appoint a data-protection officer, and lays out the requirements and responsibilities for that role. These rights have implications that extend deep into a business: security, compliance, legal, marketing, operations, product development, finance, and customer service, to name a few. At the same time, we should expect to see a range of responses to GDPR across the globe. According to a a 2017 PwC pulse survey of C-suite executives from large American multinationals, “54% reported that GDPR readiness is the highest priority on their data-privacy and security agenda”, and “77% plan to spend $1 million or more on GDPR.” 12
  • 9. This preview version of “ GDPR Beyond May 25, 2018 ” contains only the first seven pages of the report. To download the entire report, free of charge, please visit the link below: http://bit.ly/altimeter-GDPR-strategy