I'm old enough to remember when the web arrived in full force. As a result, I really comprehend many of its implications. You could scribe a tome about that statement, but in this post and my next I'll focus on privacy.
Founded in 1996, one of the first companies to broach consumer privacy concerns was DoubleClick – now part of Google. By tracking user behavior via cookies, DoubleClick's technology could do both amazing and powerful things. Advertisers could effectively follow users around the web and serve up relevant ads irrespective of sites. (As an aside, I saw some of this firsthand because I did a two-month consulting gig at the company in 2000.)
It didn't take long for the company to ascend to a lofty valuation (as many dot.com's did at the time). Buoyed by newfangled measures such as "eyeballs" that made traditional Wall Street types wince, DoubleClick served up more than 34 billion "impressions" in 1998 alone.
DoubleClick may no longer exist as a separate entity, but make no mistake: privacy concerns have only intensified in the last two decades. Consider legislation such as the Family Educational Rights and Privacy Act (FERPA) – passed in 1974. One cannot credibly argue that a pre-web law could stand as-is.
The GDPR defines personal data broadly and puts the individual at the center of data protection. It gives every EU citizen the right to know and decide how personal data is being used, stored, protected, transferred and deleted. Individuals have the right to restrict further processing and to request that all their data be erased (the “right to be forgotten”).It's fair to say that the GDPR represents the most comprehensive piece of privacy legislation the world has ever seen. Many business folks doubtless see GDPR as a burden.
I would argue that it's an opportunity.
The marketing angle – aka, the carrot vs. the stick
It's not hard to envision an executive in France thinking about how her company will comply with the new law. I can see someone thinking about how to do the bare minimum. (Insert Office Space reference here.) Here the costs of noncompliance drive the conversation. From the same SAS white paper:
To underline the gravity of personal data protection, the GDPR strengthens enforcement and increases fines for noncompliance. Any organization that does not comply could be fined up to US$22 million, or 4 percent of their global annual revenue (whichever is greater).
That's one way to play it but is it the right one? Perhaps not. Instead of viewing GDPR as cumbersome government legislation, why not think about the upsides of complying with it? What about viewing GDPR as a way of potentially differentiating a company from its competition? For instance, consider how Apple has effectively branded privacy as a feature?
What say you?Get a free e-book with results from a global SAS survey about GDPR