GDPR comes into force on 25 May – cue feelings of frustration, anxiety, and uncertainty among the UK’s business leaders. It’s not only the cost – EY estimates that members of the Fortune 500 will spend a combined $7.8bn on Brussels’ General Data Protection Regulation – but the complexity of the regulation that is leading to boardroom concerns.
More than six million EU citizens worked in data-related jobs in 2016, while failure to comply will cost firms up to 4% of annual turnover or €20m.
Concerns about these potential penalties have driven larger players to focus on protecting themselves rather than addressing the issue head-on. Facebook, for one, has chosen to expand its data protection staff in Ireland by 250% and re-design a host of products at a cost of millions of pounds.
This wholesale, cumbersome expenditure contrasts with the more nuanced approach of the UK’s flourishing cyber security and fintech companies.
Countless examples of these thriving businesses fill the corridors of Level39 and other technology hubs nationwide. Whether focused on protecting our data, such as our members Digital Shadows and Cybsafe, or helping banks navigate GDPR, such as legal and regulatory specialists TAINA, Versive, or Exate Technology, these businesses don’t just react to the future, they embrace it.
GDPR, often touted as the world’s strictest set of privacy rules, has the potential to inspire greater data security, set the foundations for an economy that protects our information, and rebuild public trust in financial services.
On a practical level, it will no longer be possible to rely on implied consent from consumers, meaning that businesses must receive explicit agreement to store an individual’s personal data. Similarly, businesses must be able to prove that consumers understood exactly what data they have consented to sharing on a case-by-case basis.
As a result, GDPR will create a framework that is tailored around the individual, no longer allowing businesses to store vast hoards of personal data. This customer-first approach is a guiding principle of most of this generation’s fintech and cyber security companies; banks and other incumbent institutions, meanwhile, are often hampered by legacy infrastructure and processes.
The imposition of GDPR in May, then, offers an opportunity for the UK’s business leaders to collaborate with these fintech and cyber security entrepreneurs who put customers first.
Clearly, many businesses face substantial challenges as a result of GDPR. These firms have spent decades building up records of consumer information and creating vast data management systems. However, the scale of this challenge only serves to highlight the scale of the opportunity.
While an emerging generation of fintech and cyber security companies offer the agility and flexibility to tackle complex regulation, larger, more established firms have a global footprint that offers the network and infrastructure to touch on the lives of millions of consumers and incite a wholesale change in approach.
What is needed, therefore, is a willingness to embrace regulatory change and confront it, with flexibility, through collaboration – there is no room for spectators.
Since the crash of 2008, UK business has been marked by the loss of public trust in the country’s largest commercial institutions – the rise of major hacking scandals has done little to help the situation. GDPR is one piece of regulation that offers the potential to begin rebuilding this trust – the industry requires every side, big and small, global and domestic, public and private to work together to make the most of this opportunity.
Ben Brabyn is head of tech hub Level39.