Ensighten: Where are businesses one year after GDPR?
Last May, businesses across Europe were scrambling to join the seemingly elite club of GDPR compliant organisations. They had their work cut out, rushing to organise data collection policies as well as categorising and digitally filing years worth of customer data into compliant and secure structures. Businesses’ operations hadn’t been so drastically shaken up since the Data Privacy Act 1998.
The big difference now is that businesses and consumers are much more aware of the value of data and how to extrapolate it for optimal gain. The transition caused by GDPR in 2018 has meant that businesses have to think about their data handling from the ground up. In the past year, we have seen this new motive take control.
There have been plenty of trials and tribulations since the European Union law regulation came into effect. What have businesses learnt? How did they tick the compliance box for data collection and processing? How have the data protection authorities such as the Information Commissioner's Office acted to punish and deter malpractice? Lastly, what can we expect in the year ahead?
Many businesses have taken action
In Q2 of 2018/19, the ICO reported “disclosure of data” was the most reported data security incident for the majority of sectors totalling 4,056 incidents. Big business fines hit the headlines soon after GDPR came into effect. For example, BUPA Insurance Services was fined £175,000 for “failing to have effective security measures in place to protect customers’ personal information”.
One of the biggest fines of the year went to Facebook at $1.6bn for breaching the data of nearly 50 million users. But, it’s not just about the financial implications - consumer trust is suffering too. The Global Consumer Pulse report by Accenture Strategy discovered that lack in consumer trust is costing global brands $2.5trn per year - suggesting this is the real catalyst for businesses taking action.
Brands and the wider advertising industry banded together to address GDPR. The World Federation of Advertisers drafted a manifesto, displaying a united front to make a difference to consumer data experiences. Apple, WhatsApp and Facebook made moves to clean up their act with more transparent and coherent privacy communications.
Accountability is key for businesses to progress
Organisations have made efforts to develop a more robust approach to data privacy and put the importance of data privacy, and understanding, at the heart of their employee’s delivery. They are led to understand how data is used within the company. Everyone is accountable for how the organisation collects, processes and distributes personal information. This means expelling any taboos about data compilation and how it is handled, its secrecy and in some cases, malpractice.
Businesses are clearly taking action and becoming more accountable for their data practices and are communicating more clearly. For example, Apple introduced a tracking prevention system for Safari called Intelligent Tracking Prevention 2 in September 2018. ITP 2.0 blocks all tracking cookies unless they use a subdomain of the site’s primary domain. They also implemented a new consent system for cookie tracking, establishing that control and transparency are key components in nourishing good customer trust. This leadership, from a significant tech company, laid down a clear statement to other organisations.
Going forward, businesses must be more focused on being transparent as well as secure for their customers - starting with their websites. Otherwise, they risk losing customers’ trust and loyalty.
Data governance is a driving force
Implementing a more precise and transparent data governance approach has become critical in light of GDPR. Staying on the right side of the law and maintaining customer trust is critical. While compliance and data privacy continue to be top priorities, data governance is the method that ensures and regulates their importance and impetus. Especially now businesses have governance frameworks that go further than simply compliance. Websites that collect and process data must comply or risk losing the customer bases they’ve built.
Governance frameworks are helping businesses to implement new processes in a manner that ensures they can be upheld. It is enabling organisations to deeper examine their security and privacy protocol - ultimately improving their practices and making sure all their stakeholders better understand them. As more and more companies implement improved frameworks, customers’ data should become even more secure and at the very least, better understood, by arguably their most important audience.
So, in many ways, one could argue GDPR has been effective although troublesome for business. The rest of the world seems to think so and is watching closely after the Cambridge Analytica scandal. In the US, California, which has often led the way on innovative privacy regulation, the California Consumer Privacy Act (CCPA) passed in June 2018. It was conceived and born in record time - two days and will come into effect on January 1st 2020.
Whilst many things have changed over the past year and the data privacy landscape has improved as a result of GDPR, businesses are still at risk of exposing customer data.
In order for businesses to take the next step, more focus must be placed on protecting customers to prevent negative long-term implications that stretch beyond ICO fines and GDPR. In its first year, has GDPR set good foundations for improved data protection and governance?
Hackers will always look to exploit customers’ data - we are in a constant battle to improve and protect against new hackers and evolving threats. We see this every day in our website security proposition.
Despite this ever-present threat, GDPR has signaled a new defense principle. Yet, businesses need to stay alert, present and consistent in protecting their customers above and beyond basic regulation. Those businesses who do will win customer trust and respect outright.
Start-ups receive $60 billion investment, smash 2020 record
Start-ups on the continent have raised a massive 43.8 billion euros ($60.9 billion) in just the first six months of 2021, according to figures from Dealroom, surpassing the record 38.5 billion euros invested last year..
This is despite the fact that the number of venture deals signed so far is around half the amount agreed in 2020. Only about 2,700 funding rounds have been raised so far this year, compared to 5,200 last year.
Prime examples in times of change
Examples are Swedish buy-now-pay-later firm Klarna which has raised more than $1.6 billion in two financing rounds, the German stock trading app Trade Republic received $900 million in May and British payments provider Checkout.com snapped up $450 million at the start of the year.
The figures suggest that European tech firms are pulling in far larger sums of money per investment than in previous years, which defies the economic uncertainty of the pandemic and boosted online services enormously.
The CEO of Checkout.com, Guillaume Pousaz, said start-ups have often been created in times of crisis, citing the emergence of several new financial technology companies in the wake of the 2008 global financial crisis.
He added that big transformational change was often the time when there is the emergence of a lot of new start-ups, sometimes when people are losing their jobs for associated reasons.
UK leading the charge
Scale-Up Europe, a group that includes the founders of UiPath and Wise, proposed 21 recommendations to help the region build “the next generation of tech giants.” Among the suggestions are tax credits to corporates for investing in start-ups and regulatory changes that adapt to new innovations.
Sebastian Siemiatkowski, CEO of Klarna, said the U.K. leads Europe when it comes to tech policy, and that there were a number of regulatory issues needing to be addressed before the European Union can produce tech giants of its own.
Siemiatkowski highlighted EU regulation of web cookies as an example of “poor regulation.” Yet, as the number of $1 billion start-ups in Europe continues to grow, the number of exits in the continent is also increasing.
This year has already seen some notable acquisitions, including Etsy’s $1.6 billion purchase of U.K. fashion resale app Depop and JPMorgan’s takeover of London robo-advisor Nutmeg.
As for stock market listings, a number of notable debuts have taken place in London in particular, including food delivery app Deliveroo, cybersecurity firm Darktrace and reviews site Trustpilot. Money transfer giant Wise, formerly known as TransferWise, plans to go public in the U.K. capital soon.