March 18th 2020 – By James McCarthy

Farewell to GDPR protection? Long live a smarter approach to data

Originally published in PrivSec.Report.

A few weeks ago, Google revealed that UK users could lose EU GDPR data protections, because now the UK has left the European Union, the company intends to store its data in the US. With the second anniversary of GDPR approaching, one might wonder if such a story constitutes Britain saying ‘RIP GDPR protection’ before we’ve even had chance to blow out the candles on its second birthday cake. But like so many things Brexit-related, is this just a typically sensationalist headline? Or could the news constitute a major blow to consumer data protection in the UK? 

As with many things the answer probably lies somewhere in the middle. Is it true that Brits may no longer be protected by GDPR when companies are headquartered in the US? Perhaps. But does this mean their data is in peril as a result? Almost definitely not. 

It’s not just about regulations 

Over the past few years, the importance of ‘doing the right thing’ with customer data has been ingrained into most businesses as they aspire to be trusted by consumers – trust is, after all, a direct driver of brand preference.   

Any company worth its salt knows in 2020 that data breaches mean fines from regulators, and yes GDPR has been key in implementing such punishments. But the reputational damage which can result in a loss of customers and, consequently, the loss of valuable data is perhaps even more feared than fines.

The loss of customers can be devastating to business for obvious reasons, but the associated loss of access to data can be just as damaging. After all, data is not just a potential accident waiting to happen, but a powerful asset for business of all shapes and sizes.    

In a digitally driven future, data is vital to both power and protect organisations and the people they serve. ‘Information intelligent’ brands will become a force to be reckoned  with because they understand how to unlock the power of data to delight their customers, while also defending their privacy and interests.   

Data can build (or destroy) customer trust  

The fact is that, in 2020, every company has become a data company, whether they were born in data or are more traditional companies subjected to a changing world. Any consumer-oriented brand will want to avoid breaching their customers’ trust, regardless of the fines that might be levied. It’s already been widely documented that the fallout from a data breach can be far greater and more expensive than the regulator’s fine.   

According to the Ponemon Institute, the impact of a data breach on a company’s finances, brand and customer trust can be huge. For a start, companies who experience a data breach see an average stock price decline of 5% immediately following the disclosure of their breach.     

Companies are less likely to see a long-term decline in value after a breach if they have created a strong security posture through investments in people, process and technologies. And remember the old adage – ‘it’s not what happens, it’s how you deal with it’ – well if brands react quickly and positively, consumers are more likely to forgive and forget.  

 So even if, in some cases at least, us Brits are waving goodbye to the formalities of GDPR protection – we need not fear an impending doom of data privacy chaos. The emphasis on keeping customer data safe and investing in data governance won’t go away for businesses post Brexit, post GDPR or indeed, when  Google sends our data for storage in the US. Data is simply too powerful an asset for any business to wilfully take that risk – and the most successful will not only continue to invest in minimising the risks of data, but also in exploiting its value with respect for its customers in mind.