In the data business, market forces are more brutal than regulators...
There is no question that GDPR has paved the way for a massive increase in both the number of jobs in the corporate world and the number of startups promising to provide solutions to the various issues the new regulations bring.
Since the approval of GDPR in the European Parliament in April 2016, masses of online articles have appeared discussing personal data protection, data privacy, security, etc. More significantly, many of these articles have incited fears - no company wants to be penalised by regulators for non-compliance. Yet what many have not realised is that market forces are much more brutal than any regulator (a truth that matters especially for publicly listed companies).
Some of today's most powerful companies (Facebook, Apple, Alphabet, Microsoft, etc.) are backed by their financial muscle and a powerful lobby. However, history has shown that big companies, having made their money in a certain way, are often reluctant to alter their business model, due to complacency. For example, DEC, Kodak, Netscape and Palm were market leaders in their respective fields, but eventually all of them failed catastrophically, unable to sustain themselves for more than a couple of decades due to a failure to innovate and a reluctance to disrupt themselves. More recent examples of this are MySpace and Nokia.
Recently, Facebook experienced a colossal disaster, losing US$120 billion in one day - an event that seems absurd simply because of its sheer scale. To make the scale of this loss easier to comprehend: Adobe's market cap in 2018 is US$119 billion, GE's market cap is US$126 billion and Pepsico's market cap is US$138 billion. Some of these iconic brands took decades to build their tangible assets, and each has a market capitalisation of over US$100 billion.
But it is important to realise that Facebook's business model is completely different from that of a traditional business, in that it is built entirely upon intangible assets (i.e. their real asset is user data). And still, Facebook knowingly ignored the blatant necessity to safeguard their user data, which eventually took its toll.
There is a common misconception that this huge loss was due to missing the quarterly revenue target. But, in actual fact, the underlying reasons were the company's decision to overlook the issues of fake news and the exploitation of users' personal data. And thus, the big issue now is a lack of trust in the company, whether from its users, clients or the markets (Amazon has been missing its quarterly target for most of its existence, yet it is one of the most trusted brands).
Facebook's 2017 revenue was approx. US$40 billion.* Under GDPR, the maximum penalty from the regulator would have been only US$1.6 billion (based on 4% of the total revenue), which is a significantly smaller loss than US$120 billion. But as suggested, market forces are much more brutal than the regulators.
The lesson to be learnt here is that when your business is fuelled by user data, you must win the user's trust by genuinely giving the power back to the user over their data. To achieve this, having strong foundational principles is key (e.g. "Privacy by Design"). Essentially, you must design your entire business with user privacy at the core. This will enable you to gain user trust right from the start and then allow you to focus on offering better services.
To assess how well you are doing in "Privacy by Design", check out our free 5-minute GDPR Assessment. http://bit.do/esG4i