Will the new data protection legislation spark a generation of data-savvy consumers?

The rise of the Internet of Things will see the amount of data being generated skyrocket. If one single Boeing 737 engine creates 10 terabytes of data every thirty minutes in flight, imagine the data that could be generated by the 25 billion things that will be connected to the Internet by the end of 2020. Marketers all over the world are currently shedding tears of joy when they think about all the possibilities they’ll get with so much customer information. But while companies have always been collecting data about their customers – some more carefully than others – they might not be able to squeeze the Internet of Things (IoT) as much as they’d like to. The new EU General Data Protection Regulation is the reason why. It will force companies to rethink how they protect their customer data – because they will be forced to disclose any security breaches going forward.

In the case of the Netherlands, which already introduced a similar regulation, violating this law of disclosure can be rather expensive for companies – up to 10 per cent of their annual net turnover. While I expect the new European regulation will be less strict than this, it’s a welcome trigger for companies to start thinking seriously about how they protect their customers’ data and how any breaches might affect their customers’ lives. It’s a long overdue trigger, too. Canon research uncovered that a concerning 36 per cent of employees don’t grasp the value of the data they work with. This means more than one in three employees with access to customer information can be at risk of inadvertently compromising data security, causing breach fines.

But the new regulation won’t just affect internal business processes. More significantly, it will open the public’s eyes and may finally allow them to understand the real value of their personal data. While the number of actual data breaches won’t necessarily increase, the number of breaches consumers are made aware of will. And with this should come a change of these consumers’ mind sets.

They will recognise that data has monetary value and assess if giving it away has more risks or benefits. Do I give Google Nest insights into my heating habits if I can reduce my energy bill? Probably. The benefits clearly outweigh the fact that Google once more gets to know a little bit more about myself.

What about the manufacturers of health and sleep monitoring devices? Certainly there are huge benefits to the consumer in being able to share and compare their data. Last year, Jawbone analysed the sleep patterns of its customers to show the possibility of such devices for earthquake monitoring. It was a great example of how companies can connect multiple data subjects at an event that affects all of them to provide interesting data insights.

But what if this data relationship with an organisation has a negative, material impact on the consumer? If a retailer leaks credit card details stored on a customer’s Apple Pay device, which leads to the credit institute blocking the card and, as a result, cancelling all standing utility bills, then customers will probably think twice before trusting an organisation with their sensitive data.

The most important question remains: Will a data breach affect consumers’ purchase decisions? It will, but only temporarily. While they might try to avoid using a certain retailer or vendor for a while, convenient access to goods and services will always trump holding back data and missing out. Just ask yourselves: How many of you have changed your games console as a result of a data breach?

The EU regulation and disclosed data breaches will have the biggest impact on the Business to Business to Consumer market, where consumers are at one end but businesses will be selling to them via a third party. Businesses tend to be very averse to data breaches, especially if it’s their customer’s data that has been breached by an intermediary. They are aware of how much a breach might affect their reputation and the bottom line, therefore carefully evaluating if they want to use a careless middle man.

In whatever form the new data protection regulation comes, its mandatory breach disclosures will be our greatest driver in making consumers aware of how organisations treat their IoT data. The former will always prioritise convenience over potential security issues – but if the regulation makes them recognise the value and importance of their data in an interconnected world, it’s a good start to creating a generation of data-savvy consumers.

Quentyn Taylor, Director of Information Security, Canon Europe