Are you in charge of your personal data?

The Cambridge Analytica scandal, which involved 87 million Facebook users in a data leak in violation of the platform’s privacy rules, made us all sit up and think how valuable our data is and how we must guard it better. The provisions of the General Data Protection Regulation (GDPR) will help – but it only goes so far.

The EU’s GDPR is giving data protection the biggest overhaul it has seen in two decades. It brings data protection into the digital age where people provide their data for a host of reasons, often in return for “free” services.

GDPR gives individuals much more visibility and transparency over how their data is used, with hefty penalties for organizations that don’t comply. It will undoubtedly strengthen and unify data protection for EU citizens and update regulations for data export outside the region. GDPR affects both so called data controllers, those that collect personal data, and organizations that process it.

GDPR expands the definition of personal data to include online identifiers such as IP addresses that reflect the ubiquitous use of technology. Sensitive data such as race or ethnic origin, political opinions and health, together with two new categories – genetic data and biometric data – requires explicit consent for processing.

For the first time GDPR requires organizations to build data protection “by default and by design” into their entire business and processes. This is all great news for us as individuals, but at the end of the day we must take responsibility for our own data.

Blockchain: data decisions made easy

Currently, big companies like Facebook control the data you hand over and are monetizing it for their own benefit. You don’t get any value from your data at all unless you opt into their services. But surely the foundation of a free economy is being able to control our own data and do exactly what we want with it.

In the not too distant future, you will be able to take full control of your data, so you can monetize it yourself. Blockchain technology may hold the answer: it is an open and secured digital ledger that first came to prominence with crypto-currencies – and it could potentially control future data transactions.

One way it could work would be to have a digital “my data” safe that follows you around. When you want to make a transaction you only hand over the data you need to from the safe. If you are buying a coffee, for example, you provide the data required, such as payment. If the coffee seller is willing to give you your next coffee for free in return for some extra data, such as your location, you hand that over. Suddenly you are trading your data and getting real value from it.

Organizations need to give back

By 2020 it is estimated that there will be 20 billion connected devices on the planet, from your car to your washing machines – all pumping out data about you. Suddenly you will be at center of all this data being churned out – and you are going to start to want something back in return for your valuable data.

There will need to be a shift in thinking about monetizing data. We are all fast getting a better understanding of the value of our data. Organizations that succeed in the future will be those that are prepared to give something back. But, right now it is companies that can repurpose data fast that are getting out in front. 

Uber, essentially a data broker, for example, started out as a taxi firm. It built a cashless platform for drivers and built in bank accounts so that it can pay drivers directly and provide car finance. Suddenly Uber has a payments engine, a banking function and a lending platform. Many don’t realize it, but bank Uber is growing faster than many other disruptive start-up banks. With the data it has it could easily reposition itself in the insurance market, for example.

The same goes for Airbnb which could reinvent itself in travel insurance. Of course they will need the individual’s permission to use this data under GDPR, unless it is completely anonymized. Individuals also have the right to data portability which includes transferring it to another company.

A company may be famous for being a taxi service or a bank, but in this world of so called unintended competition data rich organizations can rapidly repurpose data to take on the challenge of traditional enterprises. Amazon, the book seller who became an IT company is a great example of this unexpected competition.

Banks are one sector that has been very slow on the uptake. They talk about an exceptional customer experience, but they are closing branches. Yet they have the vital ingredients, rich data sources and trust, to repurpose data and reposition themselves. But they have so far failed.
Of course, if this data shift happens, we as owners of our data will be looking to monetize. This could in terms of discounts, special offers or cash. Raptr, for example, gives targeted rewards in return for gamer’s gaming habits.

If GDPR has done one thing so far, it has made us take a long hard look at data. Traditional organizations, such as banks, who don’t start to open their minds to the power of data will get left behind. It is those that are brave enough to stand out and reward customers for the data they are willing to trade that will flourish in the future.

Find out about the people, process and technology implications of GDPR in the Orange Business’ guide here.
Peter Gee

Peter Gee has 30 years’ experience helping business achieve sustainable growth and deliver tangible value. His expertise includes leveraging innovative but proven IT technologies to enable companies going through rapid change to adapt and thrive. A solid track record of developing and delivering business initiatives that drive growth, particularly at enterprise and mid-market level. Extensive knowledge of leading transformational processes in fast moving and challenger businesses.