The European Union and the United States of America have both been front runners in enhancing and enforcing privacy regulations across different industries. The focus has been to ensure, firstly, that there is sufficient notice to and adequate consent from customers before personal data is processed; secondly, that personal data is processed with adequate security measures; and finally, that personal data is disposed of securely once the purpose for which it was acquired has been fulfilled.
The incentives for regulatory compliance have been increasing gradually across the globe. With GDPR put forth formally, any organization with EU interests has a regulatory risk of the higher of 4% of global revenue and 20 million euros. This takes data regulatory risk straight into the boardroom.
Conflict between Business and Regulations
The big foe of data privacy that has emerged, other than security and intelligence agencies, is business intelligence and business analytics. Business leaders want volumes of historic data to be retained for analytical purposes. Ideally, they would also want personally identifiable elements of the data, such as contacts, to be able to use the data for lead generation.
Resolving the dichotomy
However, it is essential to grasp the spirit of the privacy laws. The regulations appreciate business and provide practical timelines for making use of personal data to further business needs. For example, would a marketing function really need the personal contacts of leads after 3 years of no response? In such cases, if the lead has not consented to having her data retained by the marketing company, then the company has no legal right to retain the data and manipulate it. On the other hand, if the lead has shown some interest within the last 3 years, then the marketing company could retain the data for a further 3 years from the last update. This is the sort of balancing that the marketing function has to be made aware of, ideally by a security or compliance function. All the privacy laws provide a practical balancing act between regulatory compliance and enhancing the business value of data. Corporates have to be more proactive in training managers and making them aware of the objective behind retaining data. Buoyed by the above, some organizations have taken the lead in starting programs to quantify the value of historic data and identify retention periods for different personal data types.
The regulations actually cover the personal data of any data subject, including customers, partners and employees.