In this blog, I am going to share some background information about the history of data privacy and how we arrived at what is today called the General Data Protection Regulation (GDPR). To many of my Nordic friends, this might already be easy to understand. You may be wondering why I am here defining the terms. The answer is that my inspiration came from a conversation at our independence day event. I was at a table with a respected colleague who was thinking out loud. He was mulling over how business was performing for everyone else at the table. Was everyone doing well? It made me realize that even if you have heard of the acronym GDPR, you might still not have a clear understanding of what the term means for you and your business.
This blog is to help you understand the matter moving forward.
I will be approaching the matter from an ICT System Vendor point of view, providing you with tips on what you should ask your existing vendor. To find out more, keep reading my series of blogs.
History of GDPR
Once upon a time, there was the safe harbor law. The safe harbor law specified that certain conduct would be deemed not to violate a given rule. Vendors frequently referred to this regulation if a client or partner asked something about their data and the location where it was stored. Vendors knew that they actually had no idea where the physical storing of the data was occurring, but since most vendors like Microsoft or Google were in the U.S., they just told their clients that.
Unfortunately, the safe harbor law is a thing of the past. No one really refers to it anymore. Very few vendors actually understood the concept of it in the first place.
What happened to the safe harbor?
During my years spent doing business in Russia, traveling back and forth to Moscow, I actually learned that the initiative to adopt GDPR originated in Russia, under Mr. Putin. In total, the European Commission decided to quickly establish GDPR, but it was Mr. Putin who put the directive in place much earlier. Since there were sanctions between the EU and Russia, it made sense that the EU came to a similar conclusion. Ahead of their time, Russians were already pondering such a regulation in 2014, though it took until 2017 for the EU to follow suit.
When talking about data privacy or organization information security policy, GDPR is often referenced from a financial perspective, particularly the penalty for non-compliance. Before GDPR, data privacy was considered a good thing, centered on promoting respect among organizations. However, when GDPR peeked above the horizon, a new message arrived stating, “If you do not buy this service, you might end up in trouble, paying a maximum of 20 million euro, or 4% of your annual turnover.”
This reminded me of the time when computer Trojans or anti-virus software marketing was based on scare tactics. It was similar to when countries changed to the euro currency back in 2001 and the threat loomed that business would suffer moving forward. The point is that with change comes uncertainty, and with uncertainty comes apprehension to embrace something new, something that could be valuable. To me, this is an unavoidable development of an inevitable subject – and it’s not a bad one anyway. The countdown is on, and I am waiting for the space shuttle launch, ready to journey somewhere new.
Preparing for GDPR
GDPR is here and it’s here to stay. Though it was passed in 2016, the next notable date on your timeline is its official rollout in May 2018. There is nothing you can do now to thwart the implementation of GDPR. It’s a done deal, one that included many conversations and negotiations among key players. Now, all we can do is prepare for its arrival. If you are just hearing about GDPR, it’s not too late to learn more about what it means for you and your business.
Many are awaiting this spring date with fear, uncertainty, and anger in their hearts. When should we expect the first big trial and complaint by individuals to be made? Which country will it be coming from within the EU? These are the questions keeping people up at night right now as everyone struggles to totally comprehend the GDPR premise.
Now that you know not to be afraid of the tiny acronym, I am hoping that you are willing to approach the subject from a more positive mindset. All amazing, groundbreaking concepts in our world were first met with misunderstanding and backlash, too. With GDPR, try and see it positively. Maybe in the future, there will be no one selling your email to a list of cold-contacts. Maybe that list will turn into a real subscription model again. Maybe the topics you are interested in and the vendors that you are eyeing are easier to approach and to communicate with. Maybe they’ll have more relevant information about their offering, presenting offers that are directly needed by your business.
In the next part of my GDPR series, I will be looking at some of the specific changes that are to come with the new regulation.
The next article will be published on Tuesday, 13th of February – keep reading!