The General Data Protection Regulation is a new European Union and European Economic Area privacy regulation. It has to do with how personal information of EU subjects is processed and applies to all enterprises, even if located outside the EU, that work with the EEA. Among other things, it requires that data collectors and processors receive opt-in consent from the data’s owner; certain data breaches must be reported within 72 hours; users have a right to request a copy of the data collected; and users have a right to have their data erased under specific situations. This last right is also called “the right to be forgotten.”
When the GDPR became enforceable on May 25 it affected me. I was in Austria and I could not get access to several U.S. websites, including the Omaha World Herald. “Come on, what’s the privacy issue with our local paper?” I thought.
Talking to several business leaders when I came back to the U.S., we reflected on how the new regulation affects Omaha businesses. There were two distinct responses.
The first was, “the GDPR is interesting to know about. But our firm doesn’t have clients in the EU so it’s not a regulation that I think too much about.” I’ll call this a short-term, narrow reaction. It doesn’t indicate that the businessperson’s perspective is far, wide, and high. The conversation closed down almost immediately.
What I’ll call ethical legacy thinkers, however, consistently had a different take. Even if their firms don’t currently have EU clients, they exhibited attitudes and perspectives that left me with the thought, “I can see why they have influence and will last a long, long time.”
Ethical legacy thinkers have four attitudes in common, which were apparent in my GDPR conversations with them.
First, they exhibited curiosity, asking questions such as, “What’s the difference between opt-in and opt-out?” and “What is
Second, they expressed concern for long-term business impact, asking“How can we continue to satisfy our customer’s need for privacy?” and “What will the overall cost be?”
Third, these businesspeople showed a sense of the relationship between business and society, asking,“What are the social norms across communities and countries that drive different senses of privacy?” and “What is businesses’ role in maintaining these?”
Fourth, they always bring it back to their values and the core values of their firms. They asked “Why is privacy important to me?,” “How can I make sense of the right to be forgotten?,” and “How can our company use the spirit of this regulation to do what we do best—make good money through excellent customer service and respect for our customers?.”
Ethical legacy thinkers are seers. They pose big-picture questions and seek long-term impact. They know that passing on a strong moral compass and a sense of purpose is meaningful.
This article was printed in the August/September 2018 edition of B2B.