Javascript on your browser is not enabled.


Deepak Jain

Deepak Jain, Senior Manager – Data Analytics, SapientRazorfish.

More From The Author >>

GDPR – An Opportunity or Threat?

We know that data is the new electricity and is a key differentiator on how organizations leverage data creating more value for consumers. GDPR will certainly be a positive move, bringing consumer privacy and data security at the forefront.

GDPR (General Data Protection Regulation) is one of the most revolutionary topics globally, changing the way companies use consumer data. It is a regulation that aims to strengthen and unify data protection within the European Union.  

Anyone working with data from consumers in the European Union or wants to transfer any data outside the EU zone has to abide by GDPR compliance. It fundamentally simplifies and unifies the way we create, use, store and share personal data and information.

GDPR is as an update to the present data protection directive with an aim to shift the compliance attitude for security and privacy of personal information.  But what does it mean for the wider ecosystem thriving on data led propositions?

Data-Driven Marketing:

Data-Driven Marketing is largely reliant on a strong data governance process and GDPR will not limit it, but it will require that marketers cover enough ground with data compliance to use their data the way they do today. Most of the data analytics vendors have begun to handle the complexities of personal information. As a measure, they are in the process of revamping data tracking and storage solutions to comply with this new regulation.

Open Banking:

Banks are witnessing the introduction of the GDPR that aims to add new, stricter requirements for data protection applicable to all the data exchanges. It is quite similar to Payment Services Directive (PSD2), which is about to come into effect, as both these guidelines aim to put consumers in control of their own data and secure their data safely. However, while on one hand banks need to make their consumers’ sensitive data available for open banking, on the other hand, they need to meet the GDPR’s strict requirements for authentication, authorization and data privacy of the same.


A crucial feature of GDPR on Blockchain is that personal data cannot leave the EU. This is a major challenge with Blockchain, as it is almost impossible to change or delete the information contained in the blocks. As per GDPR, you cannot directly store data on the Blockchain, as in GDPR terms ‘it is not erasable’. Data is retained on every node of the distributed network which can be accessed by all, irrespective of the initial purpose of its collection and processing. This conflicts with the ‘Right of Data Minimization.’ Therefore, organizations need to be vigilant about storing personal information while realizing the benefits of the Blockchain technology.

Data Lakes:

Defining strategic approach to converge Data silos, centralizing an organization's data in a Data Lake is going to be a best practice, as data silos is a common trend among different clients & industries. User’s data is being stored separately within various systems, often in different parts of the organization. Digital Analytics, CRM data, eCommerce systems and marketing data, all may hold individual and personal information. Data Lakes is going to be a fundamental choice across organizations, enabling our ability to have a unified view of data across systems and in line with our ability to cater to GDPR requirements of data access or data deletion.

Consent Management Strategy:

Consent Management Strategy will play a crucial role with an eye toward consumer experience. If we integrate analytics data with other Ad Technologies and Marketing Technology platforms (such as DSP or CDP), use re-marketing pixels and tracking codes, or personalize website content based on user behaviour, then certainly we would need to first obtain consent for each of these activities.

Data Diminution Will Become Part Of The Strategy:

Compliance costs will deter marketers from collecting data that is not necessary. Marketers will now be more methodical in selecting what data to collect, leading to a leaner data environment. There will be a significant shift of focus from quantity to quality of data collected.

Privacy by Design

While the ‘privacy by design’ approach has already been there, but this is going to get strong momentum and adoption across industries to take privacy into account throughout the entire data engineering process.

Privacy by Default

Privacy by Default will be the path ahead, after a product or service has been released to the public. It is by default that the most stringent privacy settings should apply, without any manual intervention.

Does India Also Need a Stringent Data Privacy Directive?

India has already started on a massive digital revolution with fast paced adoption of biometric data platform known as ‘Aadhaar.’ ‘Aadhaar’ is amongst one of the most discussed topics concerning data privacy and security of information being used across various systems. This is amongst the series of initiatives under ‘Digital India,’ calling for service delivery through digitization of the documents of its citizens and capturing user information for records. As India moves towards digitalization at a blazing pace, ensuring protection of data while authorizing citizens to control their own data will be vital. Count of spam messages we get each day on phone, e-mails is a breach of our personal data being shared with vendors without any consent. It’ll be interesting to see how GDPR gets adopted across other countries and if India will be amongst one of the early adopters.


We know that data is the new electricity and is a key differentiator on how organizations leverage data creating more value for consumers. GDPR will certainly be a positive move, bringing consumer privacy and data security at the forefront. It  is going to fundamentally change how companies handle customer data, but it is much more than just a compliance issue. In order to lead the new data conversation, companies should use the opportunity to re-think their customer experience and find new, relevant ways to reach out to consumers. GDPR is sure to strengthen data protection measures of the organizations and authorize them and their customers for total compliance.

Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house

Tags assigned to this article:
GDPR (General Data Protection Regulation)

Around The World