Due to new EU measures in the area of privacy, organizations that process personal data must adjust their procedures. This is a major operation, but also an opportunity to increase efficiency, introduce new data services and gain competitive advantage. The free TNO report 'RESPECT4U' tells you how.
The new rules are laid down in the General Data Processing Regulation (GDPR), which will take effect in May of this year. Consumers receive clearly defined rights therein. They may have their data modified and taken to other service providers. They can also ask for oblivion, which means that their data is completely deleted.
Guarantee consumer privacy
A regulation with far-reaching consequences, says TNO expert Marc van Lieshout: "Organizations become responsible for the data they collect - even if third parties use them. They have to show that they guarantee consumer privacy, and that this is already incorporated in the design of their systems. This means, for example, that they may collect the least possible amount of data, keeping it safe and secure, and regularly undertake risk analyses. "
"The GDPR has become a matter for Executive Boards"
Case for Executive Board
Organizations that deal with the GDPR (data privacy act) include telecom providers, insurers and healthcare institutions. They can count on fines if they do not keep to the rules, says Van Lieshout: "These fines amount to twenty million euros or four per cent of the annual turnover. Moreover, it can lead to damage to reputation, so the GDPR has become an Executive Board matter. "
But there are still opportunities. "Thinking about privacy means thinking about procedures and processes," says Van Lieshout. "Do you have duplicate files, are you vulnerable to data leaks, are your data sufficiently encrypted? If you do it right, you can make efficiency improvements. It can even result in more customers, because consumers are increasingly critical of the way in which organizations treat their personal data. "
"In the past, privacy was primarily a cost item. Now it is an opportunity to innovate and maintain consumer confidence. The TNO contribution is vital in this respect.
For the responsible handling of personal data. the encryption of information is essential, says Van Lieshout: "If you do that well, then the data is safe even with a data breach. Encryption is therefore a significant factor in risk analyses."
It is about consistency
In order to comply with the GDPR, organizations must have knowledge in very different areas. "It's about organizational structure, culture, legal aspects, technology and the cohesion between them," continues Van Lieshout. "You can go right to TNO for that: TNO has the most recent knowledge about the branch aspects, including encryption, and the expertise needed to make it a practicable whole."
"In the RESPECT4U report we explain how organizations can reap the benefits of the new rules while at the same time guaranteeing privacy. And that is not an optional extra"
Van Lieshout summarized this TNO expertise in the report 'RESPECT4U' in which "we explain how organizations can reap the benefits of the new rules while at the same time guaranteeing privacy. That is not an optional extra. If we do not do that, then unacceptable treatment, discrimination and exclusion lie in wait. "The report provides, among other things, a handle for security, empowerment and pro-active action, and can be downloaded free of charge."
Privacy creates trust
At the Dutch Ministry of Economic Affairs senior policy officer Roman Volf endorses the statement that guaranteeing privacy is not an optional extra. "Our economy stands or falls with mutual trust. And trust in IT services is an important part of this. Certainly in this technology era people have to feel that they can decide for themselves where their limits are in the area of privacy."
That is why TNO and the information society platform (ECP) commissioned by the Ministry of Economic Affairs are working on the 'Action Programme Privacy as Innovation Opportunity', says Volf: "In the past, privacy was primarily a cost item. Now it is an opportunity to innovate and maintain consumer confidence. The input of TNO is vital here, partly because TNO can make the link between academic knowledge and practical applications. Organizations that want to keep abreast of the latest developments, particularly relating to the GDPR, can download the TNO report RESPECT4U. A must, I would say."
- Information & Communication Technology
- Strategic Analysis & Policy