In the 1990s, people saw the internet as the prelude to a utopian age. An endless amount of information would be accessible to everyone, just one click away. But freedom of information turns out to be ambiguous. The Facebook-scandal shows that personal data can be processed easily too, and has a strong economic value. A costly fuel, which produces very useful and especially lucrative insights. Big Data is the new Big Oil – the raw material of the 21st century that makes new industries big and tech-titans mighty. By taking risks, pushing the limits or not using moral criteria, data could end up in the wrong hands.
But often also other organisations – from municipalities and universities to multinationals and SMEs – process more data than the data subject are aware of. There is a good chance that your organisation (unknowingly) also does not comply with the new European privacy rules.
With the General Data Protection Regulation (GDPR), the EU aims to strengthen European citizens’ rights. From May 25th onwards, the 99-page document places responsibility for data protection in the hands of the processors. This requires new knowledge about privacy rules within organisations. By not complying to the GDPR, they may risk fines up to twenty million euros. You cannot get away anymore with a simple ‘we didn’t know’. Ignoring GDPR could cost you dearly.
GDPR puts a big emphasis on communication with the client, because that is where it quickly goes wrong. To a client or person, it is often unclear what kind of data about them is processed – through an app, web page or social network. And he has absolutely no idea in what other way his data is being used. For instance, to offering him tailor-made ads.
Data miners rather keep silent how they handle data. Once in a while, by accident, a scandal breaks. Cambridge Analytics for instance clearly misused data bought from Facebook. Knowing that this happened is an incident, the fact that it happened is not.
For the EU, privacy is no longer a policy obstacle that an internet giant can sweep aside in favour of innovation. Privacy is an intrinsic value, important for the prosperity of society. People need privacy, as scientific research teaches us, to create an own identity. It protects individual autonomy and the opportunity for personal development. And, the other way around, a lack of privacy makes us suspicious and inert. Privacy helps us to go forward as a community.
Threats always also provide opportunities, that is about the first lesson they teach in organisational science. That’s why Hague’s message is: be clear, let the client decide and keep a paper trail. It will become mandatory to actively inform your contacts about data usage. Clients or members do not only have the right to know what data is being processed, but also why and for what purpose it will be used. All data has to be presented upon request. The way it is used by your organisation needs te be very clear. Such information cannot be hidden anymore in the misty jargon of terms and conditions.
Tackling societal challenges head on is usually profitable for a company. If you compare data mining with drilling for oil, you can call data protection the new corporate social responsibility. It establishes reputations and improves authority. Responsible companies motivate their employees, which improves productivity. Not just because the demand for products goes up, but also for ethical reasons. It is adds to an organisation’s value to be transparent and fair.
Hague proposes to do more than just the usual corporate communication. Be transparent about the use of personal data in all your communication, not just towards the client. Such transparency shows that the goodwill towards your contacts (and their privacy) is heartfelt. Make clear that you are serious about securing sensitive data, and that your people process data safely.
To eliminate risks, and to add goodwill, will be a key factor for reputation. Shortly, everybody will be busy with data protection: more legislation is on the way. For many, this will be out of necessity. Those who embrace the opportunities it brings, will lead the way.
That is why especially now proactive communication about how your organisation deals with privacy, is very good for reputations. Transparency about privacy is the new corporate social responsibility.