GDPR – The Vicious Game of Russian Roulette
I’m really surprised at how little concern has been raised in the media about GDPR in the run-up to 25th May 2018, when this draconian legislation will come into force. In my opinion, this is the worst piece of regulation that has come out in a long, long time - if not EVER!
The great irony is that the very people who are supposed to be protected by GDPR will suffer most!
For those who are not entirely familiar or live outside of the European Union and think this piece of law is none of their concern (trust me – it is, unless you are a beach coconut seller on the remote islands of Tonga), then allow me to give you a brief synopsis of what GDPR entails.
General Data Protection Regulation or GDPR in short (http://www.eugdpr.org) was conceived to protect the rights of individuals in the EU and provide them with transparency about the collection and storage of their personal data as well as its use. Initially, the principles behind the legislation were ethically and lawfully just. However, it later became a complex regulatory legislation of over 200 pages, with a fully loaded set of strict directives and apocalyptic penalties.
I’ve been talking to a variety of professionals ranging from local SME owners to senior officers at large international corporations, and they all share the same sentiments: uncertainty, lack of clarity and guidance, hesitance, confusion, and at the top of the tree - a fear of how deep and far-reaching the GDPR impact will be on their organisations.
No one truly knows or dares to predict the extent of how seriously their industries will be affected. How many businesses will cease to exist as a result of this legislation? Or even, has anyone projected how many employees will lose their jobs? Earlier in the year, YouGov (https://teiss.co.uk/information-security/uk-businesses-not-ready-gdpr) conducted a survey, claiming that 71% of UK businesses are unfamiliar with the regulation and unaware of the severity of fines, while 10% who are, predict significant headcount cuts.
For those uninformed, non-compliance comes with severe penalties of up to 4% of the company’s worldwide turnover or €20 million, whichever is greater!
So, what is a non-compliance? Well, this is where the game becomes rather hairy, and the adrenaline kicks in! There are 99 various articles contained in the GDPR (see summary at EU GDPR http://www.eugdpr.org/article-summaries.html) ranging from the rights to restrict individual data processing, recruitment of Data Protection officer, requirement to report data breaches to authorities and individuals affected within 72 hours, rights of access, portability, transfer, various other restrictions, powers, obligations, responsibilities, procedures, liabilities and what not.
Personal data includes anything from a name, address, email address, medical information, IP address, posts on social networking websites, to personal photos and so on…
Simply, most small businesses will struggle to understand let alone comply with all these requirements. On the other end of the spectrum, large organisations will face the challenge of consolidating all their data, systems, procedures, processes and documentation as far as every single spreadsheet on every computer that might contain a customer, supplier or employee name, including even their salutation!
Realistically and practically, very few organisations – if any, will ever be able to fully comply with these requirements. Travel, retail, recruitment, finance, media, profit and non-profit, private and public, B2C or B2B, all industries and all sectors will be affected!
As GDPR doesn’t imply any leniency for noncompliance, there are only two logical outcomes left, with two options each:
1. Breach of law
not being caught
caught but able to afford the fine
2. Going out of Business
unable to afford the fine
close down voluntarily
This is why I call it - the game of Russian Roulette! Close your eyes, let the cylinder spin and hope for the best! There are only two outcomes.
The sad truth is, it’s inevitable that there will be casualties.
In the first scenario, it’s obvious who will ultimately pay the price: the consumer - you and I. For the public sector, it’s us again - the taxpayer.
Seriously, let’s think about this. If companies are unable to comply with the law, then there are clear consequences prescribed by the legislation. When hefty fines are imposed, the wages will go down, prices go up and those who were supposed to be protected, GDPR will punish.
With the second scenario, the outcome is even worse. Business owners are left in debt and employees out of jobs. Who is the victim this time? Us again - Jo Bloggs. A poor guy (or girl) whom EU authorities had intended to protect, but did the exact opposite. Painfully absurd, is it not?
Before I conclude my rant, I must point out to readers outside of the EU that the GDPR regime also extends the scope of the data protection law to all foreign organisations (regardless of the company location) who are processing the data of EU subjects. This doesn’t only mean selling goods and services to EU citizens, but processing and holding their data too. Whether it's employee data, customer data or supplier data (which ultimately relates to individuals), then these companies (including sole-traders and partnerships) fall under the new data protection law.
Where will this leave the Facebook advertising model, which is based on eavesdropping on our personal data? I’m not sure. Google maps timeline that track our movement via phone? Don’t know. Amazon Alexa compiling the list of questions and commands we ask her? Not bothered. Mobile apps having access to our images, calendars, contacts, etc. I don’t care. Eventually, they will find their way and innovate new schemes to extract dollars. But at a higher rate now, of course. All I know is, that we will be seriously hurt, all due to GDPR.
I’m one of those who fiercely objected Brexit and still does, but then - when a piece of legislation such as GDPR comes out, it proves the case for all those who wanted out.
Before I load up my gun to play the infamous Russian game, let me guess what will be the most sought-after profession in years to come? A lawyer or an undertaker? Not sure - what do you think?
Follow me at https://www.linkedin.com/in/ceedoo for more Social Selling tips and tricks, or to request download of our FREE eBook: “WINNING THE ONLINE CUSTOMER: Top Lead Generation Tactics and Strategies for 2018” go to: https://CeeDoo.com/ebook