The EU General Data Protection Regulation (GDPR) is set to change the way that we deal with data forever. It comes into force in May this year and is going to have a particularly significant impact for data driven businesses. The GDPR requires a rethink of how we handle data and, in an age where big data provides such vast opportunities for businesses to grow, there could be serious consequences for non-compliance.
How will the GDPR impact on big data management?
Never before has there been such a comprehensive legal requirement to protect data and to be transparent about how it is being used – and how it was obtained. This has huge consequences for anyone processing big data, as it requires much more extensive management and necessitates an understanding of the origin of that data. These are just a few of the ways in which the GDPR could have an impact for you:
The new approach is ‘protection by design’
If your current systems don’t provide adequate protection then you could find yourself in a non-compliance situation with the GDPR. For most, that means it’s time to carry out a thorough audit of how data is collected and what security is in place. But that’s not where it ends. Instead of gathering all the data available and then just hoarding it, businesses now need to take a Data Minimisation approach – taking only the data that is necessary and keeping it only as long as required.
Consent has become the new battleground
Consent to the processing of personal data is one of the key platforms of the GDPR. It gives new and much more powerful rights to consumers when it comes to consent and requires that brands take more trouble to ensure consent has been obtained. This could be troublesome for organisations managing big data. Not only must consent be freely obtained from a consumer who knows exactly what they’re consenting to (i.e. no pre-ticked boxes) but if they want to withdraw that consent at any time then brands must comply.
The ‘right to be forgotten’ is crucial
The GDPR enables consumers to withdraw consent and also gives them the power to ask that all of their data that is held by a business be deleted. This has been labeled the ‘right to be forgotten’ and could be problematic for businesses handling large volumes of data. Not only is it a requirement to be able to trace the origin of that data for consent purposes but there will also need to be a mechanism in place to locate all the data relating to one person and delete it if that request is made.
A lack of compliance could be costly
As well as a more stringent set of obligations, the GDPR also introduces new penalties for non-compliance. Financial penalties could be up to 4% of annual turnover or EUR20 million, whichever is the higher figure. Notification obligations mean there will be no hiding from something like a data breach, and this could have serious implications for reputation.
The GDPR will impact heavily on businesses dealing with big data. If you’d like to review your existing systems and ensure that they are ready, we can help – contact the MarketDeveloper team today to find out more.