Data has never been of more importance, nor has there ever been such vast amounts of data available. Recent figures show that there are roughly 2.5 quintillion bytes of data generated each and every day, and that’s a staggering number that’s only going to increase.
We now live in a society where the ease of gathering information has become overwhelming. Washing machines now connect to the internet in order to collect information, and even my bike gathers data about my journeys and location and feeds this information back to Google. Almost everything that is not an organic thing is collecting data about you, often without you even knowing about it.
For businesses, this data is invaluable. There’s no denying that good data beats opinion, and can help you to better understand markets, to intelligently develop marketing strategies, and to offer customers a deeper level of personalisation.
The Economist published a story in 2017 titled, "The world's most valuable resource is no longer oil, but data”, and ever since its publication, the topic has generated a great deal of discussion and "Data is the new oil" has become a common maxim. For businesses operating in today’s digital economy, this phrase has never been truer; knowledge is power, and this knowledge is directly derived from this vast, enormous amount of data collected.
For individuals, however, “Data is the new oil” is a phrase that commonly generates a negative response. Many have become concerned about their personal data and how it’s being used by organisations, a growing worry likely spurred by the recent Netflix documentary The Social Dilemma.
The General Data Protection Regulation (GDPR), too, has given individuals more awareness and control over their identity and data. The European privacy regulation turns two this May, and at Nmbrs, we’ve found that people are increasingly starting to ask the right questions.
When it was first introduced, businesses were reluctant about GDPR, but they had no choice but to take it seriously due to the theoretical fines that they could be hit with for not properly complying with the complex regulations. Only now is it finally starting to have a positive payoff.
The basic ideas behind the GDPR were good. Specifically in these times of all powerful data gathering goliaths (Google, Amazon etc) and with us the common people both unaware of these activities and powerless to resist.
However, there’s no denying that all good intentions aside; the impacts can be impractical, largely due to the fact that the lawmakers and politicians are seldom hindered by - or aware of for that matter - the actual implications of these laws for people and businesses alike.
Though the regulation is being tweaked to deal with the changing ways that people and consumers interact with data, it’s impractical nature can often lead to challenges, which we’ve had to tackle here at Nmbrs. One of these, for example, is the fact that we don’t have a separate Data Processing Agreement (DPA) - which people find quite uncharacteristic and is something which I have to explain to people all the time.
It’s a good thing to make sure agreements are in place, but there are misconceptions about how this needs to be done. Although the GDPR states these agreements have to be “written” it does not mandate a “separate agreement”, which many people are falsely convinced of. We have all the mandated topics clearly written down and easily accessible in our terms & conditions.
Another good example of a good thing in theory - major pain in the ass in reality - is the fact that “officially” the “processor” has to make sure that all its “sub processors” achieve a similair or better level of “security and privacy” data management” as they themselves have agreed to provide to their clients.
Of course, it’s of critical importance to think about the entire supply chain and how each party within this chain operates. However, this also means that every single organisation wants me to enter into “their specific own separate DPA” in order to ensure I provide the level of security and privacy that they have promised to provide to their clients. However, I simply cannot manage this multitude of “individual agreements”, nor do i want to. I have no “favourite child” when it comes to protecting the data and privacy of our clients.
I work just as hard for the privacy and security of the small 2-employee business using our platform, as I will for the organisation with 100+ employees and an awesome reputation.
I will always do my best to ensure top-level, best-effort secure management of the data you entrust us with. By no means are we impregnable, but we do our bloody best and are clear about what you can expect from us.
In my opinion, people are starting to ask the right questions but are too focused on personal data alone. There is way more data out there than personal data, and for companies, data management will increasingly become a big thing. For example, a company selling fast-moving consumer goods is helped by having good demand forecasts and usage trends, so they can produce the right amount at the right time. Information - in particularly good information - is key, and it will become the differentiator between the successful and lesser-successful businesses. People tend to focus on GDPR, but the importance of data - combined with the sheer amount of data that is being collected - means we should move towards a more data-oriented way of thinking, because that’s where both the threats but also the possibilities lie.
With this in mind, it’s time we started to think about data more - and differently. Businesses that recognise the value of data, and ensure that data protection is always the forefront, will be the ones that thrive in the future.