The General Data Protection Regulation (GDPR) comes into force in May 2018, and will give EEA citizens the most complete data protection rights in the world. Fail to adhere to it, and a company faces back-breaking fines or disruption. However, the GDPR also opens up entirely new business opportunities, which the Nordic region is in a prime position to leverage.
GDPR answers the need for updated legislation in the face of rapidly evolving technology, higher rates of security breaches, and unequal playing rules between countries. Perhaps most importantly, the GDPR aims to give consumers back control over their personal data. Discussion around the GDPR often focuses on heavy fines, repetitive data consent forms, and fears of not reaching compliance in time. Less attention is given to how the GDPR might change how consumers view their data, change the nature of consent, make companies less dependent on hoarding data, and enable entirely new classes of services.
With the GDPR, EU citizens will have enhanced control over their personal data. They will have the right to access the personal data they have given to a company, as well as the right to delete it, or transfer it to new companies who can create value from it. The free movement of data is a prerequisite for growth in an economy shifting towards platform business models. Yet for this growth to be realised, there must be individual control over personal data, clear consent, and trust.
GDPR is already boosting the security and e-identity sector. One entirely new branch of services already under development in different sectors is Personal Information Management Systems (PIMS). PIMS are technologies which give individuals a singular view over their personal data from a variety of sources. From here, individuals can potentially analyse, delete, or transfer data between companies, as well as use the platform to share their data with new service-providers. Not only could such a platform allow companies to use personal data in a GDPR-compliant way, it would also bring data sources together, leading to new opportunities within data aggregation, cognitive technologies, and innovation.
With the free movement of data, a data hoarding mentality may no longer be necessary to a company’s survival. The true winners will be those who are able to create the most valued services and the best user experiences. However, data portability may also make platforms more fragile and vulnerable to disruption. Having consumer trust will become an even greater competitive advantage than it is today.
Nordic companies are in a prime position to take advantage of these regulatory changes. No other region today enjoys as much trust public institutions, government, and general society. Financial institutions enjoy especially high levels of trust to keep personal data safe. Furthermore, Nordic citizens report a high degree of willingness to exchange data for new services, making the region an opportune market for launching new data-driven services.
Reaching GDPR compliance is just the beginning. To truly tap the potential of the GDPR, companies must embrace a future where the personal data is owned by the individual.
“It’s not privacy or innovation – it’s privacy and innovation. The personal information economy can be a win win situation for everyone. Get it right, and consumers and business benefits.” - Elizabeth Denham, UK Information Commissioner.