The General Data Protection Regulation (GDPR) comes into force in May 2018, and will give EEA citizens the most complete data protection rights in the world. Fail to adhere to it, and a company faces back-breaking fines or disruption. Yet for those who embrace the change, the GDPR opens up entirely new business opportunities, which the Nordic region is in a prime position to leverage.
GDPR answers the need for updated legislation in the face of rapidly evolving technology, higher rates of security breaches, and unequal playing rules between countries. Perhaps most importantly, the GDPR aims to give consumers back control over their personal data. They will have the right to access the personal data they have given to a company, as well as the right to delete it, and/or transfer it to new companies who can create value from it. In an economy shifting towards platform business models, the free movement of data becomes a prerequisite for growth. Yet for this growth to be realised, there must be individual control over personal data, clear consent, and trust.
Personal data is often referred to as ‘the new oil’. It is data-intensive sectors that are driving growth in the economy, and many of the most valuable companies in the world work exclusively with handling data. At the same time, there is concern that the GDPR will inhibit business growth where personal data is concerned. Strict security and clear rules are nevertheless necessary if personal data is to reach its full potential as an asset class.
Discussion around the GDPR often stops at the fines. More attention should be given to how the GDPR may improve data governance, heighten trust, make consumers wore willing to share their data, make consent understandable and enable entirely new classes of services.
GDPR is already boosting the security and e-identity sector. An entirely new class of services made possible by the GDPR are Personal Information Management Systems (PIMS). PIMS are technologies which give individuals a singular view over their agreements with many different service providers, and what personal data they are sharing with whom. From here, individuals can give consent, delete data and transfer data. The platform could be used for individuals to obtain new services, as well as for companies to reach out to new customers. Such a platform would also lead to new opportunities within data aggregation, cognitive technologies, and data-driven services.
Nordic companies are in a prime position to take advantage of the GDPR. No other region today enjoys as much trust public institutions, government, and general society. Financial institutions enjoy especially high levels of trust to keep personal data safe. Furthermore, Nordic citizens report a high degree of willingness to exchange data for new services, making the region an opportune market for launching new data-driven services.
Complying with the GDPR is sufficient for avoiding fines. Nevertheless, the GDPR will also rewrite the rules for data-driven business, and redefine customer centricity. To truly adapt, companies need to embrace the fact that it is the individual who controls their data.