Editor’s Note: This post was originally published in February 2019 by insight.tech www.insight.tech.com
GDPR is a fundamental shift in personal data ownership—and it’s not just happening in Europe. The adoption of similar privacy legislation is growing around the world. A case in point is the recently adopted California Consumer Privacy Act and Brazil’s General Data Privacy Law, both of which require companies to swiftly and fully respond to requests from individuals for access to personal data held about them. Other jurisdictions are considering comparable legislation or updating their privacy laws to include similar obligations as well.
Although companies have had two years to prepare for GDPR, many remained in the dark about the impact of the new rules on their business until those rules took effect on May 25, 2018. Others chose to take a “wait and see” approach pending enforcement and more regulatory guidance. The first significant GDPR fine was by France’s CNIL against Google, revealed in January 2019. “It hasn’t been a reality until now,” explained Jerrod Bailey, chief strategy officer for Truyo, an enterprise compliance solution.
“We have companies that have come to us since the May 25th deadline and in some cases, they have received 10,000 requests in the first week. These companies were prepared for ten, maybe a hundred requests. They weren’t prepared for 10,000,” Bailey said.
This problem is exacerbated with large retailers, who have to comb through hundreds of data sources looking for a single person’s data.
The punitive risks for material noncompliance with GDPR’s provisions on individual data subject rights can be substantial, with fines up to €20 million or 4 percent of annual global revenue, whichever is higher. Especially in the retail industry, the search is on for a path to meet at least the minimum GDPR regulatory requirements, one that is effective, quick, causes minimum disruption, and is capable of addressing future changes in both the regulatory and system environments.
Giving Retailers the Edge on Compliance
In response to this need, Truyo offers a unique solution designed specifically to address requirements of the GDPR regulation. The system relies on highly secure blockchain technology to protect data and enable compliance throughout multiple touchpoints, which can be especially important to retailers.
“One of the major areas where retailers are collecting data is at the point-of-sale,” explained Bailey. “A lot of retailers just don’t have any compliance solutions for point-of-sale. We have the ability to integrate about 98 percent of the point-of-sales systems out there.”