Dutch data privacy campaigner Marleen Stikker had a revelation of the ‘Big Brother’ potential of digital technologies in 1994, just ten years after the iconic date of Orwell’s 1984. As a founder of Digital City – Europe’s first virtual community – Stikker was offered a demonstration of the dark side of what were then emerging technologies.
While many of Europe’s CIO community will have been at the Gartner Symposium/ITXpo event in Barcelona last week, to find out how to gain a competitive advantage, the answer may have been staring them in the face all along.
According to Phil Lam, founder of Lam Advisory, GDPR itself is a real opportunity for businesses to go beyond the minimum regulation and offer the highest levels of security and privacy as a way of drumming up new business.
“If companies consider privacy not just as a way to meet some new regulation, but as a way to differentiate themselves from competitors, that could give them an advantage in winning and retaining customers,” he told Computer Weekly’s Warwick Ashford.
“We need to communicate this value to provide an incentive for organisations to do more than they are doing, and to do more than the law demands,” continued Lam, who also served the Obama administration.
Anything you can do…
And if best practice in data management can give a competitive edge, then why shouldn’t countries outside the EU adopt GDPR? That’s the question asked by Pete Zimmerman, SVP, Service Delivery and Operations at Sonian.
Writing for Information Age, he argues that with cyberattacks only getting worse, and with the lack of any one unified law that enshrines the protection of personal data, that it makes perfect sense for the US to adopt the standards laid out by GDPR. He even thinks it may become an election issue next year, forcing some action to be taken.
“2018 represents another election cycle in the US, with GDPR implementation right in the middle of primary season,” says Zimmerman. “This presents a huge opportunity for lawmakers to take action and make personal data regulation a priority in their campaigns. This dogged focus on data privacy could set them apart from their competitors, but more importantly, get the wheels in motion for legislation that can actually protect consumer data in the US in a period when cybercrime is becoming increasingly more severe.”
Big Blue leaves it up to you
While US citizens might not be afforded the protections granted by GDPR, it doesn’t quite let American vendors off the hook. Which is why IBM must be trying to put it beyond all doubt where EU data sits; and who can access it.
ZDNet’s Steve Ranger reports that: “the company will implement new controls so that access to customer data in its Frankfurt data centre is controlled by EU-based IBM employees only. EU-based staff will also review and approve all changes from non-EU based employees that could affect clients’ data.”
In order to give its customers more control over their data, IBM will also allow the encryption of data on its servers with keys not held by the company. This means that the customer should be the only one capable of decrypting the data, potentially protecting the US firm from any breaches in relation to GDPR.
“Encrypting data enables clients to store their data in the cloud and protect it from theft and compromise. Since the keys remain in possession of the customer, the data is protected from cloud service providers as well as from other users,” said Sebastian Krause, GM of IBM Cloud Europe.
It goes without saying that, along with protecting your documents and securing your printer, encryption of data is an important part of any GDPR implementation strategy. For more information on the steps you can take to ready your organisation for GDPR, download our whitepaper here.