The raw material of the knowledge society
It’s no secret that we are living in an information age. In today’s society, the creation, distribution, use, integration and manipulation of information is a significant economic, political and cultural activity. And it is driven significantly by digital information and communication technologies.
You don’t have to be a cyber security expert to realise that big data is worth big money.
The General Data Protection Regulation of the European Union (EU GDPR), the recent legislation that came into effect on 25 May 2018, governs the protection of the personal data of natural persons within the EU. In short, it aims to protect users’ privacy by imposing greater accountability on those who process personal data. It comes at a time when data is emerging as an increasingly valuable commodity, but what clues does this legislation offer for the future?
According to new findings released in PwC’s 2018 Global State of Information Security® Survey (GSISS), only 31% of respondents say their corporate board directly participates in a review of current security and privacy risks and a mere 32% had started a GDPR assessment in 2017.
Only 51% of executives have an accurate inventory of employee and customer data.
Whilst almost every continent has its own ideas for protecting its citizens, lawmakers appear to be grappling with how to balance the incredible opportunity big data offers with the potentially life-changing consequences of a personal data breach. Of course, legislation and government intervention are only one part of the story. Growing worldwide consumer awareness also places increased demands on corporations to be more transparent about their personal data processing activities. For companies whose digital assets are optimized to capture every byte of data, used to build personalized profiles and stored for persuasive and targeted messaging, it is less an exercise in compliance than it is of building trust.
Big business would do well to heed the call for caution. As more and more devices enter the everyday lives of consumers, the risk that a personal data breach could significantly damage a business’s operations, revenue or reputation grows exponentially. Whether it’s netizen journalists exposing illegal practices and creating a PR nightmare or law firms waiting to pounce on the next EU GDPR violation, there is no such thing as a free lunch and no opportunity without risk.
The future of data protection and privacy laws may not be set in stone, but all indications are that data will play an increasingly important role in the lives of both big business and people. The advice to big business is to build cyber security and privacy risk management into digital transformation strategies from the outset. The advice to consumers seems to be: be aware of your personal data and know your rights so that you can proactively defend them.
Over the coming months, we’ll be unpacking EU GDPR in more detail. In consultation with our course partners, PwC Legal Switzerland, we’ll look at pressing issues like what to do in the event of a personal data breach as well as the roles and responsibilities of the Data Protection Officer.