Fake news. Trump. The influence of third-party actors. The power of BigTech and Privacy. These are the big issues of the day, but they’re issues that very few mortals can influence.
However, for anyone involved in business the personal and corporate responsibility in relation to privacy and data security has never been greater than it is today.
The BigTech headlines below tell their own story but the principles ripple through all organizational ponds:
However, my personal favorite of these headlines:
Exploring Personal Security
To emphasize how these issues impact on a personal level, have you ever dived in and checked some of your personal settings in your Chrome browser or Google Account?
Why not have a spring clean Security Checkup and check out a few of your Google Settings
There are several questions you could ask yourself about your own personal security, but two of the most glaring issues I came across are the following:
Do you have payment methods saved?
Well that one scared me....
Are we all paranoid about Google listening to us?
Finally, some good news.
The largest members of the BigTech club are typically unphased by the statutory GDPR fine of 4% of global revenue – or 30 million Euros. These are not sufficient deterrents and are viewed as “taxes” to be fought over by $1,000 per hour lawyers. Yet these penalties are of a business-killing magnitude when it comes to normal businesses, and they aren’t often taken lightly.
I’ve written before about our GDPR journey, and the 10 Questions You Should Ask Your Media Partners. Many businesses are still finding their feet in the post-GDPR landscape, but the sands have already shifted in relation to the aforementioned big issues. I thought it would be useful to reflect on these issues, to hopefully offer some actionable insights.
The AZoNetwork Approach
AZoNetwork is growing sales at 30% year-on-year, with over 6 million monthly visitors and over 600,000 subscribers. These numbers certainly instil in us the incentive to be fully-engaged with privacy issues – but our journey was neither straightforward nor pain free.
It has been too easy to view GDPR as simply a laborious and painful exercise in compliance. However, over the last two years, we’ve adjusted our perspective. Unlike the headlines above, we believe that the effective, transparent, and ethical privacy policies of GDPR are a positive takeaway. They represent a key business development strategy that can be used to reassure clients and build trust. Our customers are confident in our ability to “market their science”, and our visitors feel secure engaging with that content.
This perspective shift has been shored-up by tangible company benefits. Although the full list is pretty long and tech-heavy, some of our potted highlights are:
- We’ve rolled out 2 Factor Authentication (2FA) in all our critical business areas;
- We’ve encrypted the hard drives of all employee laptops;
- We’ve encrypted browser to server traffic.
The sharp edge of GDPR has been particularly cutting to US organizations where, to quote Bloomberg, “Blocking 500 Million Users Is Easier Than Complying With Europe’s New Rules”.
In mid-2018, when these headlines started appearing, we recognized the value of a strong privacy-focussed position. Offering “Privacy Comfort” to all our clients, particularly those in the US with a European clientele, was suddenly a gilded opportunity rather than just a financial and regulatory obligation.
We revised our Privacy Policies, beefed up our data security, and produced a robust GDPR manual. Rather than stop there, we carried on that momentum and successfully completed a Truste assessment process and accreditation. This seals and rubber stamps our commitment to data security and privacy, providing considerable reassurance to clients and site visitors.
As with many things in life, if you struggle to achieve it you appreciate it more and this was certainly the case in our journey though the “Enterprise Privacy & Data Governance Practices Certification Assessment Criteria” set out by TrustArc. At the end of the journey you receive a badge of honor. This comes with the knowledge that failing any of your privacy obligations means that anyone can register their complaint to an independent third party.
The antics of Privacy Pirates may wax and wane but for the rest of us it’s here to stay. Embrace the positives.