We are so very lucky to belong to a vibrant ecosystem of technologist in New England. The IEEE Boston Section (that’s us), publishes a monthly magazine to IEEE members and makes a copy available to anyone interested in the events organized by more than 30 specialty groups. There isn’t a week that goes by that doesn’t involve something from our almost 10,000 members. Below is the April 2018 Editorial concord GDPR published in the Digital Reflector, our magazine, that can be found on issuu.com, or by clicking the link (https://issuu.com/ieeeboston/docs/april2018)
by Kevin Flavin
Amazon has patented Gesture-Recognizing Drones, humans will be able to ‘flag-down’ a drone.
Inspection Drones can detect unmarked Gas Wells for PA Highway Project.
What began as an article about drones this month has changed to something more pressing and a much greater impact. Not only for large companies, but probably more substantively for smaller companies and organizations.
Originally we had scheduled an article about drones, and the impact across the industry.
However, with less than 60 days until GDPR or General Data Protection Regulation (EU 2016/679) becomes effective, the priority of the editorial shifted to this topic.
The European Commission (EU) recently passed legislation in 2016, that becomes effective on 25 May 2018, regulating the processing of personal data relating to individuals in the EU by an individual, company, or organization.
This regulation covers the communication between EU citizens and you, or your company, or your organization, with the exception of ‘household use’. It’s important to note that the EU Commission’s website describes the ‘household use’ as your address book and invitations sent for a dinner party, for example. Unless you are on that level of familiarity with everyone in your address book or email list, then there is some work for you to do.
While on the surface it seems as though these guidelines only apply to individuals from the EU, it is critical to note that EU nationals are covered by this regulation while they are working or traveling abroad, regardless of the location of their work or whom they work for.
The ramifications of GDPR are, therefore, global. An article in Forbes reports that more than $7.8 billion USD will be spent to become compliant. Generally, companies and organizations are going to apply the same rules to all the personal data because it will be too difficult to cull out just the EU application portions. Hence, North American, Asian, South American, African, etc will most likely see the same forms, and terms and privacy statements as the EU nationals are served.
The penalty for failure is up to 4% of annual global turnover, or 20 million euro, whichever is greater. Further, even if your records ‘are not in order as defined by article 28, the penalty is up to 2% of annual global turnover. For the non-accounting set, turnover is revenue, before expenses.
As a person signing up for a newsletter or notification from a website, basically, each communication you receive from then on will involve multiple ‘opt-ins’ and notifications of terms that you will need to agree to.
Why did the EU do this?
From my personal opinion, I am not surprised, but I am surprised at how quickly they acted. Data vulnerability is a problem. Considering the revelations this week about Cambridge Analytica and Facebook, I don’t think it’s a master leap to see that this sort of protection is desperately needed for the common citizenry. Let’s not forget the Equifax breaches, and also this week, the Orbitz travel site’s credit card exposures.
So, break down the winners and losers of this new GDPR law.
1. Companies and organizations
Pain: If we assume that all legal-minded and legitimate businesses adhere to the spirit of the law, then they will have spent a lot of money to keep the current relationships that they have nurtured over the years, or at least bought from an email list vendor.
Gain: However, marketers should see an increase in efficiency related to the new laws. Think about this, of those potential customers that don’t ‘opt-in’ to the new communication, those subscribers were just ‘noise’ to the real engagement between your customers and you. The remaining potentials on your email lists, for example, will be high-probability potentials, and your costs per new sale should be lower.
2. Dear Reader, or Common Citizenry, beyond just EU nationals
Pain: the incessant clicking and reading of terms to opt back into an email list that you want, love, and need. It’s going to be a hassle, especially since we’ve become accustomed to waving our phone over a device to pay for things, or looking at the phone for it to turn on. Life is going to sloooow down. Except for the illegal spammers (see below).
Gain: fewer worries about lost information. Schadenfreude from the penalties that sloppy and careless organizations will need to pay for not taking care of ‘their house’. Hopefully, you don’t also fall into this category. Probably most importantly, a cleaner email inbox.
3. Direct mail companies
Pain: Reminding organizations that mail is still a thing, and its viable.
Gain: Validation that direct mail is still a thing, with few competitors, and amazing knowledge about the customer demographics.
Pain: closing the local offices in the EU, or any western country for risk of getting caught.
Gain: fewer competitors from the local EU. Since the spammers can hide ‘offshore’ and spoof their email domains, etc. They won’t care about getting penalized because they will never pay the penalty and will be gone before the first hint of an investigation.
Sure, there are many more winners and losers in this scenario. I haven’t touched on the consulting firms that will assist organizations, they will win as they work with and help their clients to adapt. However, the clients, the organizations that will need to adhere to the new rules will also win. They should be less breaches, with more controls over information because of this regulation, the weaker organizations will be penalized and will disappear as they lose clients to the better prepared organizations.
Regulations tend to be pretty good for an open capitalist society. Regulations lay down the rules, creating boundaries within which to compete. But this discussion is for another day. Today is not that day. Today we prepare for May 25th. Go!