Michael Hiskey, CMO of data management software provider Semarchy, talked with TechRepublic's Dan Patterson about why the GDPR isn't just about imposing fines:
Patterson: Michael you have this wonderful premise that the GDPR is not a challenge but an opportunity. Can you help us understand what that means?
Hiskey: GDPR is both a challenge and an opportunity, and there's been a lot of fear mongering out there, and sort of doom and gloom where there's a lot of focus on the size of the potential fines coming out of it. But really there's been a great underlying tone of this is an opportunity for us to finally get a really strong handle on all of our people data. And that's a people master data problem, so give me all the data that relates to all of my customers in one place, so I could furnish it for access requests, for the ever popular right to erasure, or to enable my customer to port it to another institution. Now that one really scares, all three of those things, really scare the heck out of most organizations. But in actual fact this might be the first time that those organizations get a really great handle on all of their people data in one place. And then the opportunities from that point are endless.
SEE: IT pro's guide to GDPR compliance (free PDF) (TechRepublic)
Patterson: Where's the GDPR going say when we have this conversation in six months or 18 months, where will we be with not just SMBs, startups, and enterprise companies managing the GDPR, but where will we be in terms of an innovation's standpoint?
Hiskey: Well as you've talked about in other interviews, Dan, probably 7% of the organizations are ready today to accommodate GDPR when it comes into being. I think most of them are looking at the May 25th, 2018 date not as a deadline per se, but as a starting point for where they're really digging in. That's probably unfortunate. But six months from now when they're looking back at what they've accomplished, I think they'll be able to see that providing that access, and providing the control points has given them new opportunities to dig deeper into what are people really doing? How is our relationship with those people, and what do we need to do to capitalize on the data that we do have about them?
Patterson: I love that idea, because it humanizes the thing that is kind of inhuman, which is data, but all of us are data. So what are some of the opportunities that could arise from organizing your data, right? So a lot of people, a lot of companies, have their data house is just not in good order, right? So, by cleaning and organizing or by mastering that data what opportunities could arise?
SEE: GDPR resource kit: Tools to become compliant (Tech Pro Research)
Hiskey: Well think about it this way. Do you think if you called and asked your bank today, "I'd like for you to give me all the data you have about me, including all of the weblogs and all of the interaction I've had. Could you give that to me please? I'd like to review it, as is my GDPR right." Do you feel like they'd be ready to do that today? Its unlikely, but what if they could?
So what about better cross-selling upsell opportunities? For example banking, your bank probably doesn't make money on you as a client until you're using three to four financial products, and they really start to escalate when you're using five to six financial products. And as your history with them gets longer to really understand where GDPR is an opportunity you have to look at getting a very strong handle on the customer as a center point of communication, because in someways we're all just a pile of data with a nice persona built on top of it, to those organizations to the extent that they could mine that data and serve me better, I'm happy to exchange more data with them and ultimately feed into those organizations bottom lines.
Patterson: Finally Michael, what does the GDPR mean for potential future regulation here in the United States and other territories?
Hiskey: GDPR is probably the best example of something that's not just onerous regulation, but it's good for people. And when you stop and push yourself away from the desk, and think about all of the things that GDPR means in terms of the data subject, me, truly owning the data about myself, it's really a good idea. So I see this coming to be in very much the way as some US regulations like ... SOX ... have washed over into Europe, it's very likely that GDPR would wash back over into the US. Now there's already regulation afoot in places like Hong Kong and Canada, that's very similar to the GDPR regulation. So I see already some bubbling in Congress, and different districts where this idea has been floated a GDPR-like bill, and I expect we'll see a lot more activity in this space over the coming years as regulators wait to see what happens when GDPR rolls out in Europe.
- GDPR: A cheat sheet (TechRepublic)
- Will GDPR actually protect EU citizens? 61% of infosec pros say yes (TechRepublic)
- GDPR compliance deadline is approaching: 10 things to do right away (TechRepublic)
- What is GDPR? Everything you need to know about the new general data protection regulations (ZDNet)
- GDPR proves that tech giants can be tamed (ZDNet)
- GDPR: It's here, so what happens now? (ZDNet)
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.