GDPR and companies: what are the consequences?



Privacy issues and personal data regulation have become a major challenge. Last year, the EU decided to unify privacy-related regulations by setting up the General Data Protection Regulation (GDPR). Every company collecting, storing or processing personal data will have to comply with the GDPR. Starting May 25th 2018, every company operating in Europe will be affected.

What is GDPR?

The GDPR is the new reference text on personal data protection for European citizens. Regulators had to face two issues: standardizing data protection regulation in Europe and taking into account an international market around personal data, whose international nature makes the regulation more complex. The regulation aims at “giving citizens back the control of their personal data and simplifying the regulatory environment for international business by unifying the regulation within the EU” and at clarifying responsibilities.

What does it imply for companies?

Consequences for companies are:

  • they must ask for the explicit and positive consent of their users when collecting personal data;
  • customers and users can ask for their data to be deleted;
  • customers and users must be able to get their data back and to transfer it to another service. The data must be provided in a reusable electronic format;
  • data protection must be integrated into product design from the early stages of development;
  • companies will have to appoint a Data Protection Officer;
  • companies that do not comply with the GDPR can be fined up to 4% of their sales revenue.

Current situation: indifference

The current understanding of GDPR and of how it can impact companies is very limited. The study conducted by Dimensional Research and Dell showed that 97% of companies had no precise plan with regard to GDPR. More than 80% of respondents (who are employees concerned by personal data) said they knew nothing or very little about GDPR. This is despite the high financial stakes and the fact that the new processes will not be easy to implement.

How can companies comply with GDPR?

Affected companies will have to appoint a Data Protection Officer. 70% of the time, the respondents plan to appoint one of their employees. They will also need to develop APIs, which are digital pipes to which customers and other services will connect to get back their personal data. These are costly actions, and most companies are considering only minimal measures to comply with GDPR.

Turn GDPR into an opportunity!

These new requirements should not be considered as a source of costs and constraints: they can become an opportunity for major brands to initiate a strategic repositioning. Major brands are still struggling to find their way in the current digital ecosystem: GDPR can allow them to do so. Let’s give an example. One could consider data portability as a constraint: the company has to build an API and open it to other companies. Nevertheless, this company can take advantage of other companies’ APIs to build new services based on other personal data. This is what Cozy makes possible. By offering a digital home where individuals can retrieve all their personal data (IoT, banks, insurance, administrations, social networks), Cozy allows companies to offer customized services inside this digital home. And those companies don’t have to store or even access the data! They can provide a completely integrated experience, proactive and more relevant, thanks to this brand-new digital intimacy.