Taking back control of data security, and raising the standards of companies as of yet unwilling to improve their data protection policies: such is GDPR’s promise. 

Some businesses fear that the EU’s General Data Protection Regulation (GDPR) will cripple innovation in fields such as AI and machine learning, by denying companies access to the precious, information rich data of hundreds of millions of individuals. Others see it as not going far enough: to restore privacy, they say, the law should not be regulating what is done with people’s personal data, but stop systems from collecting it in the first place.

GDPR fire
– Sebastian Moss

The middle way?

Whatever the case, the legislation proposes to catch up on Europe’s dated data protection laws set out by the 1995 Data Protection Directive.

But the long arm of the law has historically struggled to keep up with the fast pace of technology companies, and even if it did, it is hard to agree that draconian regulation would entirely suit the global capitalist economy. The advertising business relies on the collection of data, as other sectors such as retail, transportation and logistics increasingly do. To roll back decades of economic development is only conceivable with some difficulty.

The lack of regulation has allowed businesses to thrive, with some overstepping ethical and moral lines as of yet uncrossed. Some companies unashamedly exploited unknowing Internet users’ data to target sales, while others, such as Cambridge Analytica, did so to further political goals.

There’s no pretending that these organizations, or this operating model, will disappear on May 25th. But whatever the company, and whatever their motive, they will have to conform to the new rules set out by GDPR. And for this, they will need to understand them.

Who are you gonna call?

Enter another aspect of GDPR that often goes unconsidered: newly-minted GDPR experts are finding ways to draw capital from its very existence. Stick with us they say, and you won’t find yourself crippled by burdensome fines, or brought to shame when irresponsible practices are denounced by the press. Stick with us they say, and you can keep using people’s data within the law’s remit. 

While consultancy firms rub their hands together, with their white papers and compliance guarantees, data cataloging firms promise to actively bring companies onto the right page. 

So called metadata discovery platforms, otherwise known as data cataloging software, sit atop databases or data lakes, identifying and tagging risk data, increasingly a mix of structured and unstructured, creating a searchable base for firms to work with.

These are not new companies. Companies like Waterline Data, Informatica, Talend or Alation are mostly analytics firms which addressed other markets and specialisms pre-legislation, mostly to do with the old-school approach of monetizing data. While data monetization is still a factor in the growth of the data cataloging market, compliance has driven the growth of a panoply of as of yet ignored companies.

Companies may perish under the weight of hefty fines, and consumers may find their privacy ever so slightly less infringed upon, but the real winners of GDPR will be the companies turning a profit on the back of the dazed and confused

This is because their service has just become crucial. It will be a legal requirement to know which operational system data is held in, how it was collected, what it is used for and whether it was obtained with explicit consent. As companies collect and hold more data than ever before, the compliance experts could actually save companies from crippling fines that might bankrupt them - while still helping them to turn data into profits. 

First in most peoples’ mind is GDPR, but countries like Iceland, Norway and Slovenia have their own strict privacy protection laws, and the assumption (some would say the hope) is that GDPR will affect the legal landscape worldwide, as a lack of standardization could inhibit trade. In any case GDPR will affect companies abroad who hold data on European citizens. 

Thus, companies may perish under the weight of hefty fines, and consumers may find their privacy ever so slightly less infringed upon, but the real winners of GDPR will be the companies turning a profit on the back of the dazed and confused.

Challenges remain for the data catalogers: if privacy by design becomes reality, unless they’re already part of the enterprise fabric, they will become obsolete. Their time to shine is now.