Top 5 Unexpected Consequences of GDPR

June 7, 2018 | Written by: 

The European Union’s General Data Protection Regulation (GDPR) is finally here, promising to put individuals back in control of their personal data and harmonize data protection and privacy laws across Europe.

But with the May 25 grace period deadline behind us, it’s becoming clear that the regulation will have far greater impact on business and society than intended. From sparking new-found trust in organizations, to paving new paths to AI, to actually creating a possible problem for cyber-security experts, the unexpected consequences of GDPR are profound. Here’s a snapshot of what we deem as the top five, with suggested courses of action for each.

  1. New Trust, New Relationships. A 10,000-person online poll conducted by Harris in April found only 20 percent of respondents “completely trust” companies to safeguard their data ( That’s certain to change with GDPR. With restored trust in tech, individuals may even want to share more precise data with companies in order to benefit from more personalized products and services in line with their interests and needs. As the world’s largest steward of enterprise data, IBM is calling on other companies not only to comply with regulation like GDPR, but to put in place deeper principles for data responsibility and trust.
  2. Paving a Path to AI. GDPR could be seen as a Marie Kondo for data centers. For many, big data has become a big mess. As a result, data scientists currently spend almost 60 percent of their time organizing and cleaning it before they do anything with it. In requiring companies to discover, organize, govern and catalogue their data – and deleting what they don’t need – the GDPR is actually helping organizations lay the foundation for machine learning and artificial intelligence – technologies that learn as they go and discover insights at speeds never previously possible. As Rob Thomas, General Manager, IBM Analytics, likes to point out, “Your AI system is only as good as the data that goes into it.”
  3. Curbing Cybercrime Stoppers. One of the more controversial consequences of GDPR that’s beginning to boil over is the unintended impact on Web domain registration information – the personal contact information for anyone who registers a web site. Such data, readily available upon request to registrars, has been a key tool for cybersecurity experts and law enforcement to quickly connect malicious domains to cybercriminals. As a result, these organizations have been able to do everything from blocking millions of spam messages from suspicious domains, to actually tracking down and prosecuting cyber criminals. But because of GDPR, domain registrars are no longer providing easy and rapid access to such data for fear of being non-compliant and hence, subject to GDPR’s hefty penalties. Regulators and tech experts are scrambling to hammer out a solution.  
  4. Advanced Encryption On the Horizon. GDPR is forcing companies to ensure the highest possible levels of protection and privacy – from hackers to data processors themselves. Fully homomorphic encryption – akin to sealing and analyzing data in an impenetrable bag – is seen as the Holy Grail of encryption technologies. It’s been in development for years but still isn’t quite fast enough to be viable; however, recent advances promise to accelerate its commercial availability. Companies are already using a new generation of pseudonymization technologies to strip out the most sensitive personal information from data, replacing it with something fake so it can be analyzed and shared while still respecting privacy. For example, the Dutch bank Rabobank is replacing the names of banking customers with the Latin names of flowers before sharing it with software developers for app testing. Necessity is the mother invention.
  5. A New Cottage Industry: The Data Trust. With data rapidly turning from a company’s biggest asset to its biggest potential risk, some businesses may choose not to manage any of their own data. Instead they may ‘offshore’ it to an expert third-party who can store, process and eventually delete the data in a way consistent with regulations like GDPR. These fascinating new entities are called “data trusts.” Earlier this year, IBM and MasterCard set up the industry’s first: ‘Trūata’ which promises to manage, anonymize and analyze vast amounts of personal information held by companies such as travel agents and insurers. It’s a bit like keeping money in a bank rather than hiding it away at home in order to benefit from better security and other value added services – only in this case, the data that’s put in the trust isn’t pooled or mixed together.

Overall, despite the effort involved, according to IBM research over 60% of business leaders see GDPR as a blessing in disguise: a way to drive digital transformation across the enterprise and innovate new data-centric business models. IBM’s take is that sometimes intense pressure and constraint lead to great innovation and that business leaders should embrace the regulation – they may be surprised by some of the benefits.


Previous articleReport shows increase in social engineering
Next articleHackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.