Learn more about the SMU Online Master's Program
LEARN MORE
Learn more about the SMU Online Master's Program
LEARN MORECollecting, processing, and using data from customers has been common business practice for a long time. Until recently, an organization could essentially collect whatever data it wanted about its customers and use it however it wished. While the details of how collection and processing would be performed typically needed to be spelled out in End User Licensing Agreements (EULAs), the knowledge that the end user rarely, if ever, actually read the document before agreeing to it allowed businesses to do as they pleased.
However, in the last few years, the number of data breaches has skyrocketed as the volume of data collected and stored by organizations has increased, and cybercriminals have become more sophisticated and have learned how to monetize their attacks. This increase in the volume and sensitivity of leaked information has sparked a series of new data protection regulations that are designed to govern how businesses can collect and use their customers’ data.
The EU’s General Data Protection Regulation (GDPR) is the first of the new data protection regulations. The GDPR dramatically changed the landscape of data protection and spurred many other governments to pass their own versions of data protection regulations. One of the major impacts of the GDPR is that it gave consumers an increased level of control over their personal data. Under the GDPR, an EU citizen must be informed how their data will be processed, must consent to processing, and can withdraw their consent at any time. Beyond forcing the business to stop processing their data, customers can even require an organization to delete all records that they possess regarding an individual, the “right to be forgotten”.
The GDPR is also significant in its scope of regulation. Instead of being limited to the borders of the EU, it protects the data of EU citizens from misuse by organizations regardless of their location. An organization must either be located in a jurisdiction that has passed data protection regulations with the same provisions as the GDPR or commit to upholding them within the company. This requirement has sparked the creation of many new data protection laws around the globe.
The GDPR and other data protection regulations are designed to protect the data of their customers from exposure and misuse. However, they also have other impacts on the global business landscape.
Many organizations collect customer data as a core part of how they do business. In fact, data collection, processing, and resale is at the center of many organizations’ revenue model. “Free” services like Facebook, Google, and others use the insight gleaned from processing of customer data to sell targeted advertising to other organizations. Under the new regulatory landscape, these organizations may not be able to operate in the same way or may have to modify their practices. Numerous data processing scandals have demonstrated that the way that organizations, like Facebook, process customer data is distasteful to those customers. Under new data protection regulations, consumers may be able to remove their consent for this processing. However, if this processing is essential to the profitability of these organizations and their ability to offer their services without charge, it may force them to move to a revenue-based model, which is also distasteful to users.
As governments increasingly uphold and protect the right to privacy, the data protection regulatory landscape will continue to change and evolve. While this evolution is designed to help protect the sensitive and personal information of consumers from misuse and compromise, it also has other impacts.
Many of the services that consumers use every day on the Internet are based upon the model of trading data for the ability to use a company’s product. The revenue models and business practices of these companies are built upon their ability to process this data and extract insights that they can sell to third parties for a profit. Under the new data protection regulations, these practices may have to change as businesses are limited to the data processing that customers are willing to accept. While this evolution is occurring slowly, it will have a dramatic impact on how the Internet of the future works.
Learn more about how the SMU Online Master's in Cybersecurity will equip you with the skills necessary to effectively protect data for your company.
Complete This Form to Continue Reading