The European Union’s General Data Protection Regulation (GDPR) is upon us, becoming enforceable on May 25, 2018. It’s no exaggeration to say that achieving compliance (as well as being able to demonstrate compliance) requires that companies make a fundamental shift in how they approach data governance. Companies worldwide are struggling with the magnitude and scope of the GDPR; however, those that get data governance right can reap significant benefits.
The 20-second summary:
Yet the reality is that many companies with operations outside the scope of the GDPR are struggling with the question of whether to comply with the GDPR across their multinational operations (that is, not just for their EU operations).
Facebook is one particularly high-profile example. Facebook CEO Mark Zuckerberg told Reuters on April 3 that the company would not extend GDPR-level privacy standards to its users outside the EU (although Zuckerberg did say that Facebook would like to make GDPR-type privacy guarantees “in spirit”).
Then, on April 17, Facebook announced that it was introducing a “new privacy experience for everyone on Facebook as part of the EU’s General Data Protection Regulation (GDPR) … no matter where they live.”
Of course, Facebook finds itself in a unique position that I don’t need to go into in this blog post (Cambridge Analytica, anyone?); however, extending GDPR-level protections around the world is, to me, clearly the wisest choice Facebook (or any company) could have made—regardless of the microscope that company currently finds itself under. That’s because complying with GDPR (the world’s most rigorous data-privacy framework) also goes a long way toward ensuring good data management—and that’s simply a must in this day and age.
So, what do multinational companies stand to gain from applying GDPR-level data-management practices across their operations?
The EU is not the only legal jurisdiction that has data privacy and protection frameworks in place or has plans to pass data privacy legislation. South Africa, Jamaica, and India are exploring or adopting data-privacy laws. California is currently looking at a new data privacy law that is very GDPR-like.
Probably sooner rather than later, every company will need to address the legal and regulatory landscape around rigorous data-privacy regulations. However, companies that treat data governance only as a check-the-box exercise for satisfying regulatory obligations may lose out on the benefits of a holistic approach to data governance.
May 1, 2018