Now that Chicken Little has taken over at Harvard Business Review (HBR), she has a message for you: “GDPR and the End of the Internet’s Grand Bargain“. It’s not a typical children’s story. But it is a fairy tale. And along the lines of Hansel and Gretel and Little Red Riding Hood, it does have some scary parts; although, since HBR lacks a sense of irony, loves big government, and is a blood relative of Big Brother, it won’t find the same things scary that we do.

This iteration of the falling sky has to do with the power the European Union assumed over data-collection two years ago. If you’re not sure why that’s scary, this is all you need to know:

These new powers come with new responsibilities and new costs for users [emphasis mine], not least of which are ballooning budgets for government data management and enforcement bureaucracies worldwide … But search engines, social media providers, and e-commerce platforms, along with user forums, news sites, and emerging internet-of-things service providers large and small, may rationally conclude that the new costs and potential penalties associated with collecting, analyzing, and marketing user-provided information [emphasis mine] have become unsustainable.

That’s right. Because we’re not capable of taking care of ourselves — and because we’re not big fans of fine print — Big Brother is going to take care of us and make sure he gouges us for the cost of that care. While he’s at it, he’s also going to regulate Internet entities into oblivion. We’ll all live in one big happy virtual Utopia, free from risk, freedom, and choices.

I love the smell of red tape in the morning.

What’s Common Sense Got To Do With It?

Complying with the GDPR remains something of an inexact science. (If you doubt that, look at the number of companies creating positions for GDRP compliance officers.) But as is always true, an ounce of cautious common sense can be worth a pound of more painful and costly cure.

Accordingly, the self-evidence of these steps notwithstanding, you might consider these:

  • Read the GDRP and revamp your data-protection protocols to comply with it.
  • Mitigate your identifiable risks, particularly of financial fraud or identity fraud.
  • Take the initiative in managing change for all employees who collect or process, using automation as much as possible to prevent human error.
  • Make your rules for obtaining customer consent clear and transparent.
  • Research records-management guidelines to ensure you retain no data longer than required.
  • Make sure data protection is an integral part of every business process, including marketing.
  • Take the initiative in using your compliance with the GDRP as a competitive advantage.

Given the potential for stiff non-compliance penalization, it’s better to be safe (prepared) than sorry (breached and/or penalized). Everything you do may pay compliance dividends.

But it won’t keep HBR and Big Brother from dropping the sky on the Internet.

Image copyright 2005 by Walt Disney.