Hear Tyler Johnson's take on GDPR and the future of Fintech
Credit: BooDigital Here: https://boodigital.com/ https://twitter.com/talksdotcoffee https://www.facebook.com/coffeeshoptalks/
Just last week, I noted that the UK's Information Commissioner’s Office (ICO) closed its investigation under GDPR (the EU's new data protection law) into Facebook sharing personal data with WhatsApp, which it acquired in 2014, when Facebook agreed that the Facebook and WhatsApp platforms would not share data.
At the time I noted that this was a great example of GDPR's strategic company risk. Sharing customer data is usually one of the primary reasons for M&A; without it, the value of such transactions is often dramatically reduced. I wonder how many CFOs are accounting for GDPR strategic risk in their M&A strategy. Probably not many.
Wow that was quick - It just got much worse for Facebook
I just watched Mark Zuckerberg's mea culpa about the Cambridge Analytica breach on CNN. I believe he's "really sorry"; there's no question his company is in real trouble.
But did the activity carried on by Cambridge Analytica with Facebook user data constitute a security breach? In this case, hackers didn't compromise either FB or Cambridge Analytica, so one would have to argue that no, it wasn't a security breach.
A new concept (for some): PRIVACY BREACH
In the US, the laws governing privacy are weak to nonexistent. We're used to privacy notices being buried; an extensive data brokerage market exists where companies are free to sell your personal data for practically any use, including how much you pay for services, what job interviews you get, what ads you see and so on.
But as Facebook is about to discover, that doesn't mean there isn't legal risk. Lawsuits have already been announced. It's clear Facebook's troubles are just beginning.
For data privacy in the EU, things are quite different. There's no question that Cambridge Analytica's use of this data is a clear violation of GDPR. Ireland and the UK have already both opened investigations. The fines are likely to be tame since GDPR doesn't go into enforcement until May, but it's a near certainty EU regulators will find other ways to enforce a maximum penalty of 4% of Facebook's $40 Billion (about $1.6 Billion). This pales in comparison to their brand risk, not to mention the risk that other 3rd parties have retained personal data scraped from Facebook and put (or will put) that information to use.
What's your risk that 3rd parties retained personal data your company gave them?
How many EU citizens are likely to stop using Facebook altogether? To understand this, let's talk about the EU consumer, and the cultural forces driving GDPR.
For many in the EU data privacy = Freedom
It's been explained to me that Europeans have a cultural memory of the Nazi "surveillance state" and this is one of the primary reasons why Europeans take data privacy so seriously (EU friends, would love your thoughts below on this). GDPR is notable, not because of the hefty fines, but because it makes control of personal data an individual right.
The Facebook Cambridge Analytica privacy scandal is sure to strengthen this perception because of the Trump campaign's use of personal data to manipulate voters (Democrats, you're not off the hook either - see this article). This makes GDPR action against US companies likely to be much more aggressive than it otherwise would have been.
What can the US companies learn from the Facebook scandal?
While Facebook's situation is extreme compared to most US companies at present, most companies collect significant amounts of sensitive personal data, and with that comes significant responsibility, and risk.
GDPR is a major risk for companies with EU customers (or who otherwise handle EU resident data), but as the Facebook situation clearly demonstrates, it's not just regulatory risk and it's not just in the EU.
On one hand, we need this data to do a better job creating products and experiences customers want. On the other hand, handling such data in a consistent, secure manner company-wide is very difficult, especially when that data lives in many places and with 3rd parties. Companies that engage in M&A activity are especially at risk because their personal data is often fragmented across hundreds (or even thousands) of data silos.
Compliance with GDPR is a good start. If Facebook had automated data governance in place that fully complied with GDPR (including controls for 3rd party access like Cambridge Analytica), their risk would have been much lower. If you'd like to know more about data governance automation for GDPR, look here.
It was the fall of 2014 and we were finally ready. Nearly 10 years after getting my MBA in Entrepreneurship from Southern Methodist University in Dallas, we had finally built up enough savings and it was time to leave the corporate world to embark on the new, uncertain path to building a new company.
While Amazon, Facebook, Google and other “digital native” companies rapidly launch new products and services with a modular, automated, standardized approach (Devops/Agile), traditional companies increasingly struggle to compete because they can’t take advantage of actionable data being held hostage by traditional and SaaS software vendors, legacy systems, and business silos.
At over 4000 words, Jeff Bezos' 2016 letter to Amazon shareholders (posted last week) has a lot to say. While I highly recommend tech executives and investors read the entire thing, here are my top ten excerpts from the letter:
In the first article of this series, I spoke about how and why cloud IT providers use lock-in. I'll briefly revisit this and then focus on strategies to maintain buyer power by minimizing lock-in.
Here are two predictions for differences in industry evolution between Cloud IT and 20th century autos:
- The Cloud IT sector will consolidate an order of magnitude faster (perhaps two) than the auto industry did
- Future Cloud IT oligopolists will work to maximize customer retention by maximizing switching costs (creating lock-in)
By allowing administrators to partition up underutilized physical servers into ‘virtual’ machines, they could increase utilization and free up capital. Unfortunately that hasn’t happened for the most part. It’s a poorly held secret that server utilization in enterprise datacenters is much lower than most people think as virtualization reaches saturation with about 75% of x86 servers now virtualized.
While most people working for cloud providers (I used to work at one) will tell you that Disaster Recovery is a great use case for cloud, our panelists weren't so sure. The feeling in the room was that utilizing a cloud environment in addition to traditional on-premise environments created a bunch of operational complexity and it was safer to keep both production and DR in-house.
None of this would have happened if Carly hadn’t made a mistake in firing all those HP salespeople and I hadn’t taken a risk.
Although successful with these large companies, something was always missing. I yearned to be able to create something on my own, and I’ve just taken an even bigger risk. After 12 years of planning, I left Rackspace in January to join the ranks of the entrepreneurs (or unemployed as some like to call us).
It's all about user-generated data. You might think that GE is a product company, and you'd be right. But it's also a services company that services millions of industrial devices in the energy, transportation, healthcare, and manufacturing sectors. These devices create literally exabytes of data, data which GE currently uses to service and maintain its customers' equipment and gain insights on product design, and in the future will be used for much more.