ZealiD Blog

Liberation of Personal Data

Written by Philip Hallenborg | Nov 04, 2019

Data in the digital age

In the digital age we live in, ownership and control of identity data are increasingly considered essential human rights. And with the introduction of the EU’s General Data Protection Regulation (GDPR) in May last year, the need to adapt to this new way of thinking about customer data has become a critical reality for businesses across Europe.

GDPR marked a massive shift in how we as a society view the right of individuals to access, manage and protect their personal data. The guiding principle is that the individual owns their personal data, not the organisation to which they have provided it. But as simple as this premise sounds on paper, eighteen months on from the regulation’s introduction a staggering number of businesses are still struggling with compliance.

Uncertainty and complexity

Many elements of GDPR leave a lot of room for interpretation, which generated significant uncertainty and left many companies and public authorities feeling lost in the run-up to its implementation. Unfortunately, the typical response was to do the bare minimum to achieve compliance. This was often limited to no more than adding a simple cookie statement to a website or giving individuals the ability to ‘opt in’ when consenting to share their data.

Research conducted six months after GDPR’s introduction suggested that as many as three quarters of companies had already failed to provide personal data when requested by individuals within the timeframe stipulated by the new legislation. These types of statistics undoubtedly ring major alarm bells for regulators in Brussels.

Fast forward to today, and as a result of their initial inaction many organisations are facing one or more of the following truly profound data challenges:

  1. How to connect and structure databases, systems and digital accesses so that one internal view of an individual’s personal data can be created. This involves consolidating fragmented data sources, which can be an almost impossible task.
  2. How to implement legal requirements so that the individual can effectively amend, alter or delete personal data in the complex environment described above.
  3. How to enable the individual to extract personal data in a digital format when most organisations lack the ability to securely identify the individual online.

A matter of mindset

Although the challenges above are pressing from a practical standpoint, one overriding behavioural challenge remains and is common across all industries: educating managers and business owners that “their” data is no longer their data.

And perhaps even more important is instilling the understanding that future business models lie not in the classic “we own the customer and will provide added-value services” mentality, but rather “let’s create a public API and see how the market builds services on top of it.”

Embracing disruption

Perhaps one of the best examples of an industry painfully trying to adapt to a new digital reality is the banking industry. Faced with disruption at an unprecedented scale, the biggest hurdle remains the mentality of middle and senior management alike.

Instead of innovation based on public APIs, leading the way to new business models and ecosystems based on structured and standardised data, banks are still scrambling to meet the very basic requirements set forth in Payment Services Directive 2 (PSD2).

Most banks fail to understand that tomorrow’s business models will need to adapt to an ecosystem built on public APIs where the consumer owns the data. The bank will not have the ability to decide what, where and when services are deemed to add value and access an API with a consumer’s personal data.

Looking beyond just compliance, effective adherence to standards such as PSD2 and GDPR will empower banks and other companies to make better use of the data they collect to enhance the customer experience, rather than simply to react to requests regarding personal data.

No liberation without identity

One of the main issues with any kind of public API containing personal data is how to remotely identify the owner of that personal data. This is largely an authentication problem for banks. But for many other services, and perhaps most importantly for public services and APIs, this is a hugely complex challenge. There is no tradition of digital services provisioning and the basic infrastructure of remote identification and authentication is severely inadequate.

Enter ZealiD. Our platform facilitates a seamless transition to a “consumer owns the data” mindset, and the tools to execute a public API that meets regulatory requirements. With ZealiD, an organisation can quickly move to meet evolving consumer expectations regarding data access, portability and flexibility.

But perhaps most importantly, ZealiD empowers organisations with the tools they need to create winning, innovative business models on top of their incumbent architecture of locked-in personal data.

We recognise that data is a valuable commodity that can provide a significant competitive advantage. As more of our lives move into the digital realm, an organisation’s ability to protect and leverage its customers’ data will continue to become a key differentiator on which it is judged against its peers. Choose the right technology solution today to safeguard your business in a data-centric future.