Can Your Enterprise Win at GDPR?

It’s a tantalizing and intriguing question: can your enterprise win at GDPR? Of course that would lead to the equally important follow-up question of what it would mean to win in the context of the European Union’s General Data Protection Regulation—which went into effect just a week ago. GDPR has put pressure on enterprises on both sides of the Atlantic, as the mandates and the heavy fines for compliance failures apply to any enterprise that collects personal data on EU citizens regardless of location.

For most enterprises, winning would most likely center around greater profitability, prestige, and market share in comparison to their competitors. Alphabet Inc., Google’s parent company, is poised to serve as a model for this kind of GDPR victory: according to a report from MarketWatch, Google is attracting individual user consent for targeted advertising faster and more efficiently than anyone else. Their competitors are depicted as scrambling to comply with GDPR, and thus missing out on the potential profits.

Yet the MarketWatch article doesn’t quite tell the whole story. Google has already been hit with a GDPR violation lawsuit by a European-based privacy advocacy group for allegedly failing to follow the consent laws outlined in the mandate. Google has been accused of forcing an “all-or-nothing” checkbox for user consent on their data collection—which is against the spirit of GDPR. Facebook has faced similar charges. If the lawsuits go forward and Google is found to be in the wrong, it could result in billions of dollars in fines.

For Facebook and Google, billions are a drop in the bucket. But your enterprise may not feel the same way. Is there another way to win at GDPR?

WIn at GDPR with Identity Management

At its core, GDPR is a privacy protection law. It mandates that enterprises:

• State clearly what data they are collecting on their users.
• Allow users to find out what data the enterprise has already collected on them.
• Gain clear, granular, and personal consent from their users about how their data is used.
• Allow users to ask that all of their data is deleted via the right to erasure.
• That user data is protected more strictly, and that all data breaches are reported and disclosed promptly.

Users are becoming increasingly more protective of their digital identities and more unwilling to share details with enterprises. The idea that their data is being sold or traded without their knowledge has repulsed users. It’s this cultural shift that led to the enactment of GDPR in the first place.

So enterprises looking to win at GDPR should consider how GDPR compliance can foster their user relations, experiences, and interfaces. With an identity management solution deployed on your IT environment, you can better accumulate and utilize the personalized, consensual data of each user, creating more preferential treatment; simultaneously, governance via an identity management solution can help make sure that the data collected fits with each individuals’ consent. Identity also ensures more data privacy but ensuring that only the most necessary employees and third-parties can access user personal information via highly-monitored permissions.

Furthermore, identity management can deploy stronger authentication protocols and factors for access to user personal information databases—certainly stronger than the old password paradigm. With the GDPR mandates for better cybersecurity, this will be essential. These benefits apply even on an app-to-app and cloud platform basis, essential for the digitally transformed enterprise.

To win at GDPR, you need to foster more consumer and user confidence in your enterprise—that you are taking their privacy seriously, that their data is safe with you, and that you are in GDPR compliance. This may not result in the short term gains that Google may be seeing, but your enterprise can avoid the fines that Google may be facing. Fostering user trust with identity management can result in long-term profits and brand prestige that your competitors won’t be able to replicate. GDPR isn’t just about legal compliance—it’s about following a corporate cultural shift that users are already demanding. Digital privacy is the name of the game now.

To win at GDPR, you need to keep up. The alternative is to be left behind.  

So what are you waiting for?