Why GDPR is an opportunity to move forward
We are all investors in the fast-developing data economy.
Every online interaction we have generates information about us, adding to the ever-increasing digital trail we each leave behind. In a world where homes, tablets, and even toothbrushes can connect to the Internet, everything is a potential data funnel.
When the Cambridge Analytica scandal hit the headlines, it finally shed light on incredibly important data concerns – who collects our data, what is it used for, and just how safe is it?
Despite the fact that most people feel personally responsible for protecting their personal data (63% according to a Gigya survey), users are often left clueless as to how they can safeguard their information. The terms and conditions that come with many of the tools and services they rely on are often so impenetrable that they’re left with little option but to simply accept them.
Like oil before it, data is used as a driver of growth and innovation for companies that are adept at harvesting vast amounts of user information. But how this actually happens is far less clear.
“Digital information is unlike any previous resource,” claims The Economist. “It is extracted, refined, valued, bought and sold in different ways. It changes the rules for markets and it demands new approaches from regulators. Many a battle will be fought over who should own, and benefit from, data.”
What is GDPR and why should I care?
The General Data Protection Regulation (GDPR) is the EU’s attempt to restore parity to consumers by giving them greater control over their data. From 25 May 2018 onward, organizations will need to make it explicitly clear to users what data they are collecting, why they want it, and how they plan to use it. Users must also clearly opt in before any data capturing can take place.
Companies that fail to comply with the regulations face bank account-sapping fines of up to 4% of global revenues or €20 million.
Though they technically only apply to European users, the GDPR changes will, in reality, affect countless companies and users regardless of where they are located. The tech world is simply too interconnected for it not to.
It’s a big deal and a long-overdue win for consumers.
What would Learnosity do?
As much of the tech industry frantically scrambles to get GDPR-compliant user data security procedures in place, the team at Learnosity views the upcoming changes as an opportunity.
“We took security seriously from the start,” says Denis Hoctor, Learnosity’s Director of Product and Business Intelligence. “We’ve built processes around it that we test continuously with the aim of staying best-in-breed. The GDPR changes were always low-risk for us. They gave us a chance to take stock and make sure we were following best practices to protect our clients’ data. It’s like a validation process really: we’ve had a chance to give our procedures an oil check and see how well we’re meeting our own standards and sticking to our core values as a company. And I’m very satisfied with where we’re at.”
But how does a company whose product is used by clients with millions of users go about ensuring compliance? Can it really be so straightforward?
Championing the product’s compliance charge is Technical Product Owner Nina van der Kley.
“We’re in a really fortunate position,” she says. “We actually didn’t need to do too much as we were already using anonymized client data for our main product offering. We’d put down a solid foundation for GDPR compliance by always taking a general privacy-minded approach to developing our product stack. We’re using the new regulation as an opportunity to fine-tune and focus specifically on consumer rights.”
Nina outlines a number of measures the team has taken, including:
- Refining our processes for notifying our clients’ users should we have a data breach, to be compliant with the new GDPR notification regulations.
- Double-checking our already-established mandate that all student response data is anonymized and GDPR compliant.
- Implementing a process to efficiently handle any support requests related to “right to access” and “right to be forgotten”.
- Updating our mailing lists and forms across all sites to have a “double opt-in” workflow, where users must sign up themselves and also confirm their consent in a follow-up email.
For a company whose ethos is informed by honesty and trustworthiness, the introduction of the GDPR puts a welcome focus on transparency for end users.
“We support consumer rights,” continues Nina. “It’s great that regulations like the GDPR are being introduced. They help empower individuals to exercise control over the representation of their identity in an ever-evolving, interconnected world.”
Indeed, embracing the GDPR should be seen as a chance for service providers to further cement the quality of their relationship with their users.
“Our clients and users need to have confidence in our product and services,” explains Denis. “We’ve spent years building that trust, and we’ve done it by always providing high-quality technology and straightforward transparency. The new regulations just help make our efforts more visible to more people.”