Today marks an important milestone for European-based business. Today is the day when the European Union’s General Data Protection Regulation (GDPR) is deemed enforceable. Such a milestone has implications for multiple industry supply chains.
The Economist has termed GDPR as being the “Dodd-Frank of data.” The principle behind this legislation is that privacy and ownership of one’s personal data is considered a fundamental human right, especially when it pertains to online.
The regulation was adopted in April 2016, and after a two-year transition period, became enforceable today. GDPR being a regulation, not a directive, means that it does not require national governments to pass any enabling legislation and is directly binding and applicable. The regulation not only applies to EU based activities, but wherever personal data about EU citizens are processed.
In our 2018 Predictions for Industry and Global Supply Chains (Available for complimentary download in our Research Center), we declared that this year would provide a renewed emphasis on protections and safeguarding of customer related data. The widely reported massive data breach that occurred at Equifax allowing hundreds of millions of records related to sensitive personal data to be compromised, the continued incidents of cyberattacks and ransomware, were the backdrop of GDPR.  This year’s news headline that user data involving upwards of 87 million Facebook users may have been improperly manipulated by a politically focused data analytics firm added to the seriousness of protecting personal and other sensitive data.
For this supply chain industry analyst and blog Editor, our email inbox for the past two weeks has been a sobering wake-up to data proliferation. The multiple notices that we have received in conjunction to GDPR notification of use of data has been eye opening. We have heard from web-based organizations that, admittedly, we were never aware of, that were tracking data in one form or another. Perhaps your email inbox has provided a similar experiences.
The reality is that many EU and global companies remain unprepared to understand and deal with the tenets of what will be required to be “GDPR compliant.” The fines for non-conformance are steep. Some predict an initial curtailing of the direct use of customer data and lots of confusion or litigation until GDPR is sorted out.  Perhaps such conversations are already occurring in your organization.
Large and small organizations have indicated that the regulation will make it much harder to leverage customer data, particularly buying related data, in online and physical customer intelligence capabilities. The recent Facebook incident, along with CEO Mark Zuckerberg being forced to testify before both U.S. and European legislative sub-committees  led to calls for similar types of data protection regulation in the U.S. and other nations.
We continue to predict that industry supply chain teams will be caught in the middle of such dynamics, with all sorts of initial confusing directives regarding how to collect and manage individual customer data. Some efforts toward enhanced customer intelligence and more predictive forecasting of expected customer demand may be temporarily derailed. Teams will likely be frustrated by such dynamics. Some efforts toward enhanced customer intelligence and more predictive forecasting of expected customer demand may be temporarily derailed.
All of the above should be expected and, we quickly add, should not be the basis to scuttle efforts towards more insightful information on customers and product buying trends. Instead, GDPR, and other data protection directives should be viewed as a regulating mechanism, a time to take pause to determine smarter strategies in leveraging data, along with adequate protections of personal data.
We have heard technology visionaries openly declare that concerns over personal data protections are futile, that technology will invariably cut-through such resistance.
Our reply is “bunk”.
Technology should not be viewed as zero-sum game in a democratic society. It should never ignore or gloss-over individual personal protections. If the Facebook and past election meddling incidents have shown anything, it is that technology should not be manipulated for corporate, political ideology or individual gain. If history is indeed a judge, wars have been fought and conflict stemmed from protection of individual rights.
The notions of artificial intelligence or cognitive computing are such that each can provide extraordinary capabilities for prediction and anticipation. However, behind any technology are a set of design principles and managed guidelines, and there is no reason personal data protection cannot be a tenet of such principles.
Bob Ferrari
© Copyright 2018. The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.