GDPR Compliance Two Years on: What’s The Situation?
May 2020 marks two years since the EU’s GDPR regulation became enforceable. The legislation created a new standard for global data protection. For those working in certain industries, like marketing, technology, or data analysis, the regulation fundamentally changed the way people worked. In this blog, we take a look at how GDPR compliance has changed over two years and how many companies are still adapting to the new normal.
GDPR compliance: Then and now
Despite being European legislation, the GDPR applies to countries right around the world. It states that any data collected on a European citizen must be compliant no matter where the company that collected it is based. In practice, that means any company selling services or products in European countries must ensure GDPR compliance. From the time it was introduced, the effects of the legislation spread far beyond the EU borders in which it was created.
The companies that were affected had to address a chief concern: How did they continue to make best use of their customer data without worrying about hefty fines or reputational damage? For the first time, customer data turned from a fundamental business asset into a risk. The challenge for businesses was to move that pendulum back in the other direction.
In 2020, many businesses still haven’t found the solution to this challenge. Some made surface-level changes, but haven’t addressed the fundamental compliance gaps. Others have taken the opposite approach, exercising caution and not using their data to maximum effect. Many companies don’t know where they stand, and GDPR compliance requirements often cause friction with the need to use data to improve offerings and remain competitive.
The data protection conundrum
GDPR compliance requirements create several key challenges for businesses. As well as the fact that data must be collected with opt-in consent, businesses must also collect a whole range of information about the data they process; who it’s collected from, for what purpose, and with whom it is intended to be shared. On top of that, any data used in ways that aren’t clearly stated is not compliant, and any data shared with companies in another jurisdiction is also not compliant.
The law not only regulates how data is collected, it also creates stringent parameters for how it continues to be used thereafter. GDPR compliance isn’t a one-time box-tick exercise; it’s an ongoing process. That is why, two years later, companies still worry about how they’re using their data.
So, what’s the solution?
Turning to technology
At Trunomi we take a different approach to protecting customer data. Much of the time, the problem with customer data lies not with how it is collected, but with how it is stored and with whom it is shared. When a piece of data is collected, it’s important that all the relevant metadata about that data is stored with it.
Our patented TruCert™ and TruID technology ensures that all this information is automatically recorded as soon as a piece of data is collected. Information about what, when, where and how a data point was collected is automatically recorded as a TruCert™ and permanently associated with the person to whom it belongs, in the form of a TruID.
From there, data models are used to ensure the recording of what data is processed, under what legal basis and jurisdiction. Principally that includes the GDPR, but also its global variations such as the CCPA in California and the LGPD in Brazil. It’ll then create a clear order of hierarchy for compliance in instances where data is protected under two conflicting laws. All of this combined ensures that data compliance is made much easier.
Changing how we think about data
The most radical thing about Trunomi, however, is not how it records data, but how it shares it. Or more accurately, how it doesn’t – because we don’t believe that data needs to be shared at all. When you’re sharing data, around a company or with external partners, most of the time you’re either simply confirming that data exists or sharing data about that data.
When you share the original data, a data breach risk is created, because there are now multiple versions of that data to monitor, locked perhaps in Excel spreadsheets or email attachments. Our approach differs because we say “Don’t share the data, share a TruCert”. These metadata tags can only be viewed by the person for whom they’re intended. That means you’re not opening yourself up to data breaches by unnecessarily reproducing and sharing data through various locations.
Perhaps the most unique aspect of Trunomi is the fact that we don’t have access to your data, and our patented technology is cryptographically hashed to the standard of the American National Security Association (NSA). It’s for that reason that Baker McKenzie, one of the world’s leading law firms, has described Trunomi as a ‘risk free solution’. So, what have you got to lose?
If you want to find out more about how Trunomi can help you achieve GDPR compliance, get in touch with the team today.