GDPR – This Week in Compliance and Ethics

GDPR reaches a fevered pitch as we lead up to May 25. Here's the buzz.

^{image source: Google Trends search and snapshot, accessed 24 May 2018}

SAI Global's ethics and compliance team hand-picks articles and content from different online publications and shares them on our blog. Here are some of the more interesting and thought-provoking articles we'd like to share from the past week or so – this time, with a specific flavor: GDPR.

If you've somehow escaped the fevered pitch that is GDPR – you're lucky and unlucky at the same time. Lucky, in the sense that the topic (rightfully so) dominated the news cycles for all those clamoring to learn more. In fact, it was more popular (at least for a week or so) on Google than an international pop star. You're unlucky, in the sense that if you don't know anything about it, now is the time to learn. It's a sweeping change to how data and privacy are even thought about, starting (but not ending) in the EU. And if you missed out – we have you covered. Click each headline for the story.

Personal Data is a Fundamental Right: the Human Side of GDPR

When we interact with a device or an app (let's say we go for a run, and use Strava to track our pace and distance) – who owns that data? Strava, the app maker? Or us, the human on the run?

By 2025, according to IDC, people will interact with connected devices almost 4,800 times per day, up from just 218 in 2015. Our personal data has become that much more valuable, and more vulnerable.

Read more about how personal data is a fundamental human right, and not a collection of 0s and 1s for an app maker.

How CMOs Should Approach GDPR and Evolve Their Roles

Despite being an EU-heavy initiative, Forrester CMO Victor Mulligan opines that chief marketing officers (CMOs) should assume that GDPR and any other regulations that will be introduced in the future will become the global law of the land.

Mulligan offers this: “None of this can be done without mastering data and technology to deliver individualized experiences at scale.” Indeed. GDPR has been likened to the Y2K of privacy. We're at the dawn of a tectonic shift in the data age. And we need all the help we can get.

How GDPR Links Compliance to Data Privacy and Data Protection

While it's clear that the effects of GDPR will reach far and wide across all industries, we'll be keen to keep an eye on how this new regulation will influence Facebook, Twitter, and other global media companies that rely heavily on user data to customize experiences and deliver targeted advertising (see previous Forrester article). The most significant GDPR impact will be to these online media companies and social networks that use data-driven targeting for advertising and customization.

Will GDPR Halt Machine Learning in its Tracks?

One of the core tenets of GDPR is the transparency of the process (snuggle up with Article 12 for more information). But what about advancements that are inherently obfuscated? Is machine learning doomed? That's not the case, according to Software Testing News. GDPR isn't dangerous for machine learning. According to Can Huzmeli, GDPR Delivery Manager at ICAN Consultancy: “As long as the way you do your data processing is secure in terms of privacy, you can use any algorithm. […]If you also do not illegally share the output of your algorithm, then you are safe.”

The State of the State, with Respect to GDPR

Small businesses are overwhelmed. IT professionals, despite being in the know, feel they (collectively) are not ready for today. UK marketers are ready to open their wallets. But, two out of three people now feel more comfortable sharing their personal data, thanks to the new regulations. These micro-stories and others, in Econsultancy's GDPR Stats and Surveys roundup.

You Can't Spell Policy Without “SSSS”

It's May 25, and you're GDPR-ready. But have you written and communicated out your privacy policy? No doubt you (or your inbox) has seen the deluge of 'We're updating our terms of service” messages. Onslaught aside – it's no joke. GDPR ushers in a raft of new procedures. But it's worthwhile to separate out the difference between policy and procedure.  It's spelled out for you here in part six of this six-part series. And if you're hungry for more, scroll to the bottom of this one to see links to the other five parts in the series. 

Thanks for reading This Week in Compliance and Ethics from SAI Global. If you're interested in reading more about the world of ethics, compliance, culture, and risk, visit the rest of our blog.