Data protection is a global issue. Yet it is being approached in very different ways on either side of the Atlantic. While Europe and Britain will embrace the more stringent rules of the General Data Protection (GDPR) regulation from May 2018, the situation in the USA is going the other way. On 3rd April President Trump signed a new law making more personal data legally available. Overturning the previous legislation, ISPs are now able to access and use all but the most sensitive personal information. Much of this personal data is likely to be harvested and sold to digital advertisers.
While the global super power Google already grows its business through targeted online advertising, this will open up the practice in the US to a host of other players in the ISP market. Its advocates say this availability of data helps advertisers to target consumers more effectively thereby helping them to make better decisions. Its detractors see it very differently.
Whatever your view, Personal Information Management Services (PIMS) are already huge revenue generators and not just in the United States. A study estimates the value of the UK PIMS market to be currently worth £16.5 billion. But from this moment on, the paths diverge and when it comes to the future of personal data protection, it appears that the differentiator will be regional legislation.
The change in law in the US, with its permissive approach to personal data, will open up the PIMS market and along with it many associated problems. It certainly seems likely that this will create a need for privacy-enhancing tools and services. In Europe, on the other hand, the legislative market under the GDPR might drive online advertising businesses to invest in new models which create value from mining personal data in legal ways. There is little that can be done to prevent opportunism in the world of PIMS and digital advertising, but the American model is fraught with problems and risks, both financial and on a moral basis. We in the UK must be grateful for the very different approach mandated by GDPR.
When GDPR comes into effect, UK companies will be legally obliged to observe new procedures and take even greater responsibility for how they collect, share, and use consumers’ data. Some businesses will complain that the new regulation is burdensome and bureaucratic but they are wrong. Those who shirk it will certainly feel some pain as enforcement will be strict and fines extremely severe. But many will embrace it as an opportunity; as a competitive differentiator. If in any doubt, the complainers will only have to keep an eye on how the permissive data protection laws impact across the Atlantic.
SRM has operated in the data security environment for many years. With a wide range of knowledge and practical experience, our consultants are ready to help you understand the risks to your information and manage them effectively. Our specialist team provides a full portfolio of services which include data protection. We can assist companies to be in a more ready state for GDPR compliance when it comes into effect next year.