Looking beyond Data Privacy As a Service
I had a very interesting conversation with one of the Data Privacy professionals yesterday, which changed my outlook on how we should approach the whole concept of privacy. This idea actually resonates with the contents of the first few pages of the DCPP official study guide.
We as data privacy professionals tend to first break down different privacy regulations into various components such as territorial scope, functional scope, business applicability, control requirements, penalties, etc. While these are all very important aspects of a privacy regulation, we first need to get into the history, essence and impact of a regulation. We need to understand why a particular regulation was introduced in the country in the first place. Is it because of technological advancements? No, absolutely not! Technological advancements are just the catalysts that cause various regulations to pop up.
Let me give you an example from EU history. The EU GDPR did not pop up randomly as a replacement for the Data Protection Directive which existed earlier. The history stems back to World War 2, when the Nazis breached the privacy of Germans and collected personal data to identify the Jews and other minority groups. This was allegedly aided by technology organizations to identify and send Jews to concentration camps. In response to this, West Germany drafted the first data privacy measures to protect public sector data. This was eventually followed by multiple regulations such as the 1977 Federal Data Protection Act, and thus the story continues until the 2018 GDPR enforcement. This clearly shows how important GDPR is for European citizens and why such stringent measures are taken to protect personal data.
The next factor a data privacy professional needs to keep in mind is the essence of the regulation. On the surface, GDPR protects the personal data of any data subject within the EU territory. However, what we need to understand is why it is important to protect personal data. We know that if personal data or Personally Identifiable Information (PII) is compromised, the consequences can be in terms of financial loss, reputational loss, mental loss, etc. Organizations that care about their data subjects do not look at data privacy as a cost but rather as revenue, because their intention is to reduce the losses of the data subjects. How do they achieve this? By protecting personal data, organizations deliver trust, which translates to loyalty. A major factor which helps a business survive in the market is customer loyalty, and that’s how data privacy plays a major role.
Yet another factor which we need to consider while understanding and implementing a data privacy regulation is the impact of the regulation. Here we are not supposed to look at the regulation from a business perspective but rather from a social environment perspective. How can a regulation help in the upliftment of the social situation of our neighborhood? How does it relate to various other regulations which intend to protect the rights of children, women, the elderly, etc.? A simple example is protecting the identity of a child, which in turn protects the child from any sort of extortion.
We just need to broaden our vision with respect to Data Privacy Regulations, and we will be able to create a better and sustainable environment for now and for the future. Data Privacy is beyond simple control implementation and regulatory compliance. Data Privacy is a discipline and a thought process which must be deeply rooted in our minds.
Reference: GDPR-Disturbing History Behind the EU’s New Data Privacy Law | Time
Originally published at https://www.linkedin.com.