Has GDPR really changed the relationship between businesses and their data subjects?

In part one of our data series we examine the role of honesty in data collection

Graphic depicting the transfer of data across the globe

In the wake of the Cambridge Analytical scandal, the methods that companies use to protect personal data and maintain privacy have come under increased scrutiny.

Those businesses that have been collecting what is regarded as highly personal information about their customers have enjoyed relative freedom to manipulate and even exchange such data with other enterprises. Consumers have, in many cases, come to accept access to their data as a necessary trade-off for using digital services, at least until now.

The arrival of the General Data Protection Regulation (GDPR) in May 2018 redefined the relationship that consumers and their data have with those businesses that harvest and manipulate such information. Valid consent must be clearly given to an organisation for whatever they wish to use a consumer's data for.

Yet it's not an isolated regulation. It's flanked by the OECD guidelines on the Protection of Privacy and Transborder Flows of Personal Data, as well as Convention 108 the Protection of Individuals with regard to Automatic Processing of Personal Data which has been in force for several years.

Advertisement - Article continues below
Advertisement - Article continues below

On the surface, it may seem that regulations are beginning to reign in what was once a data Wild West, but have such moves really changed the way personal data is being used?

The data citizen

The exchange of personal information that's often freely given to businesses is a part of what it means to live in today's digitally-driven society it's why so many now consider data to be the new oil.

The data subject understands this relationship, and even though GDPR provides the means to effectively disconnect yourself from a company seeking to use your data, only a small minority of customers are actually doing so.

Research carried out by Broadband Genie revealed that 85% of respondents would still consider using a service even after it had been hacked, depending on how the company concerned reacted to the data breach.

Similar research from GDMA, UK DMA and Acxiom, found that 51% of respondents across four continents would share their personal data with business if there was a clear benefit to them. Moreover, 26% of global consumers are 'Data Unconcerned'; people who show little or no concern about the use or collection of their personal data.

Less than 1 in 4 (23%) fall into the 'Data Fundamentalist' segment; people who are unwilling to share personal information under any circumstances. Consequently, it is now the vast majority of global consumers (77%) who show no fundamental objection to engaging in the data economy.

Advertisement - Article continues below

"It is incredibly important these days to understand how consumers view data privacy across the globe and encouraging to see how similar they feel about key issues," said Sheila Colclasure, global chief data ethics officer at Acxiom.

It's clear there's still a trend towards the acceptance of data collection provided the relationship provides genuine benefits. Today, strong customer service hinges more on honesty and the actions taken in the event of a breach.

Indeed, innovative businesses are using the propensity of consumers to share information as the basis of new services. A good example is OpenActive, a platform supported by Sport England and delivered by the ODI that helps the sport sector open up data about when and where activities are taking place. This enables start-ups to build applications and services that make it easier for people to find gyms, clubs and classes near them.

In addition, Gladstone a leading leisure management software company has made it possible for all customers who use the platform to start to publish their data openly too, which a number have already taken advantage of.

Advertisement - Article continues below

Services like this are based upon their ability to connect personal data with a value it can deliver to its owner. More 'open' data doesn't, of course, mean less secure. A balance has to be struck where data is exchanged for a service, with the risks for potential data breaches minimised by both consumer and the business or organisation they are partnering with.

Big data, big responsibility

Despite a willingness to share, consumers often feel that they are not in control of the data they are asked to provide to unlock the goods or services they want to access.

Advertisement - Article continues below

One such service attempting to remedy this is the DECODE initiative, a set of open-source tools and protocols which aim to give people granular control over how personal data is shared. This includes the ability to decide who they share data with, for how long, and for what purpose.

The role of DECODE is to provide user-friendly tools that allow people to decide whether they keep personal data private or share it for the public good. From a business perspective, DECODE hopes it can be used by enterprises that want to build greater trust with their customers, while moving away from extractive approaches that are usually invisible to the end-user.

DECODE is led by the by the Technology and Innovation Office at the city of Barcelona and delivered by a consortium of 14 European partners, including innovation foundation Nesta. IT Pro spoke with Theo Bass, researcher for government innovation at Nesta, to ask whether consumers really have control over the data that is collected, shared and sold between companies.

"GDPR strengthens our rights to access, erase and control personal data. However, the use of these rights implies that individuals have full knowledge over who is collecting, storing and processing this information," explains Bass.

"The problem is the sheer extent of personal data collection nowadays, from 'smart city' technologies installed in public spaces, to the complex secondary data markets that collect information about us behind the scenes when we're browsing the web."

Ultimately a balance has to be struck to ensure the digital services that are now part of modern life can continue to be used safely within the framework of tougher regulations. This is possible, but it requires businesses to be willing to change the ways in which they collect data.

Advertisement - Article continues below

"We need much greater experimentation and willingness from governments and companies to build trust with citizens and users," adds Bass. "Governments at all levels should also educate the public to become savvier about data, as they now are about issues like plastic pollution, air quality or Fairtrade foods, rather than passively accepting any terms and conditions they are confronted with."

As Mark Settle, CIO at Okta, explains, as investment in technology increases, so too does the amount of personal data moving through the economy, which in turn raises questions about data ownership.

Advertisement - Article continues below

"While some of the responsibility will always be with users to determine what they share ultimately, most incidents of data leakage are due to organisation negligence," he says.

Given the nature of our data-driven world, tougher safeguards have never been more important, yet they don't necessarily signal a drastic change in the customer-business relationship. Companies are still able to extract just as much commercial value from the data they collect, they just now need to be honest about it.

In part 2 of this three-part series, we will be asking the question: is data the new currency?

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020