What is GDPR About?

I get spooked when I get cold calls from random companies asking me, “how is your stock trading experience so far” or when I am planning for a trip abroad and get emails from banks offering forex cards to me. Last year my husband submitted documents to open a salary account with a bank and they also used his documents to issue a credit card, without his consent. This would concern many of you too, I am sure.

The Equifax data breach has exposed the credit information of 143 million Americans. What if the hackers used this data to get loans or credit cards in the names of these Americans, who cannot do anything about it? They will have to live in this fear all their life. This is the kind of exposure that every consumer needs to be guarded against and is rightly addressed by GDPR (General Data Protection Regulation).

Today everyone is realizing the importance of data and wants to use it or misuse it for their benefit. So caution*100 is the word for every organization that holds personal customer data to ensure a safe customer experience for its users, whether in the EU or any other place in the world.

Here is what GDPR does:

  • Restricts use of customer information for transactions other than the one for which it was made available
  • Mandates everyone doing business with EU customers to comply with GDPR
  • Mandates appointment of a Data Protection Officer for public authorities and large data processing companies
  • Mandates assessment of privacy impact, in industries or processes where breach risk is high
  • Mandates reporting of a breach within 72 hours
  • Gives the “right to be forgotten” to consumers
  • Seeks parental consent for processing data of individuals under 16 years of age
  • Imposes fines equivalent to 4% of global revenue or €20 million, whichever is greater, in case of data breach

Why should GDPR not be seen as being hard on businesses?

We are living in times where anyone, even those opposing GDPR, can be a victim of such data theft, with life-altering consequences. It is in the larger interest of everyone to embrace it with open arms and ensure data breaches do not occur. After all, every business owner is human and is at risk of getting his/her personal data hacked too, so GDPR is protecting each and every one in the EU.

Today, customer experience is becoming imperative for every brand, especially the ones interacting with end customers directly. Customer data gives insights that can help businesses grow and thrive.

So, personalized digital customer experience coupled with assurance of data security can go a long way in building lasting customer relationships. GDPR is the EU’s way of saying “Play Safe”. Why just the EU? I think this is a good move and should be adopted by countries worldwide. What do you think?