The world has got to grips with the COVID-19 pandemic, the UK left the EU, AI tools like ChatGPT have exploded onto the scene and GDPR breaches and fines have become a regular fixture. With so much change, what are the knock-on effects on the GDPR? We asked IT leaders for their views in a short survey, as the GDPR approached its fifth birthday. Here's what they said.
1. Customers are more aware about protecting their personal information
66 per cent of IT leaders said the GDPR has made customers more aware of the need to protect their personal information. At first glance, this is great news. After all, the GDPR was created to give people more control over their data. However, it also means businesses have to work harder to build trust with their customers. With so much information available online and in the media, customers are now much more GDPR savvy. Tightening of the data protection rules has seen a number of well-known companies face eye-watering fines. In fact, just three days before the GDPR's fifth birthday, Meta - the owner of Facebook - received one of the largest penalties on record. It's no surprise then, that customers may not completely trust businesses with their data.
2. Hybrid working has forced businesses to invest more in the GDPR
It's only three years since COVID-19 swept the world and forced organizations, large and small, to move their businesses online and send many of their employees home. Now that the dust is settling on the pandemic, many businesses have adopted hybrid working patterns for their staff. 72 per cent of the IT leaders in our survey said this switch to hybrid working, and the need for staff to access personal information outside the office, means they are having to invest more in making sure they are still within the GDPR rules. It's more challenging to control information outside the confines of an office environment, unless the data is protected in a GDPR-compliant way. Logging into a secure system to view data, for example, is preferable to emailing spreadsheets and documents back and forth, which is a bigger security risk.
3. The GDPR hampers digital transformation and uses up IT resources
Despite the fact that the pandemic has accelerated the digitization of customer interactions by three years, 44 per cent of IT bosses say that the additional red tape from the GDPR hampers digital transformation activity within their companies. 62 per cent also believe that processing data subject access requests and other related queries uses up significant amounts of time and resources - even though 83 per cent also say that they have robust processes in place to deal with GDPR requests. While digital transformation is improving processes in a wide range of business areas, there are still many manual activities involved in GDPR compliance. In fact, long-winded manual processes may be part of the problem, especially if they need to collect together unstructured data, such as customer emails, social media posts or voice recordings, which is often held outside of core systems and databases.
4. The Data Protection and Digital Information Bill makes IT leaders nervous
Now that Brexit is done, the government wants to introduce the Data Protection and Digital Information Bill (DPDIB), which aims to boost economic growth while also protecting the privacy of individuals, as a replacement for the GDPR. But 85 per cent of IT bosses would prefer the UK to stay with the GDPR, rather than creating a new set of rules. Among tech leaders in organizations with over 3,000 employees, this figure goes up to 89 per cent. There's still a very long way to go with the new bill, but having already spent time and money on getting the GDPR right, businesses appear to be questioning the need to change, especially if there's a chance that those operating in both the UK and EU may have to adhere to two sets of standards. The implication seems to be 'why make things more complicated?'
5. The GDPR must be updated to keep pace with new AI technologies
AI tools like ChatGPT have taken the world by storm recently, with businesses keen to find out how it can be used to their advantage, but a lack of adequate knowledge about how it works risks employees inadvertently breaching GDPR rules. And 86 per cent of IT leaders agree. They believe the GDPR needs to be updated to keep up with this vast new technology. The potential power and spread of AI is immense and it's vital that data privacy regulators look closely at developing the rules and guidance around how AI is used, before it becomes part of our everyday lives.