The General Data Protection Regulations are designed to give consumers more control over their data – including key provisions such as a right to be forgotten.
In essence, it means more power to the people, and potentially more fines – big ones – for companies that break the rules.
The regulations reflect the political emphasis now placed on issues such as privacy.
No longer a secondary issue for companies, a failure to appreciate the fundamental role privacy now plays in the tech sector can make or break a reputation.
Protecting privacy, and being seen to do so, is increasingly inseparable from protecting profits.
The commus industry has a vital role to play in helping tech companies – often focused on consumer PR and marketing – navigate the new regulatory landscape and a more proactive approach by regulators.
Recently companies such as Uber have made a virtue of taking on the regulatory status quo – innovating in a way that, at times, has challenged existing rules.
But even Uber is now reframing its offer and reworking its brand so that it is seen to be working in partnership with cities within which it works.
With the new EU regulations we are seeing the start of a regulatory bite-back against companies that fail to understand the depth of consumer feeling about issues such as privacy – issues that blur the distinction between consumer marketing and public affairs.
Governments have been focused on a broadly permissive approach to regulation – particularly here in the UK.
With the EU’s new regulations, tech and digital companies need to pay far more attention to the regulatory response to live social and political issues and a rapidly maturing, and perhaps enveloping, public policy agenda.
Ideally companies should pre-empt the regulatory response and set the terms of debate themselves – earning trust and legitimacy in the process.
This means strengthening public policy capabilities, and developing the skillset to articulate technical issues to a consumer audience.
Reliance on brand and product will increasingly not be enough – a political strategy will need to be overlaid and fully integrated, to say nothing of the implications of an ever more complex regulatory compliance process.
In the case of the new EU rules, there will now be a two-year process of implementing the regulations into national law – and for companies to get their heads around all the implications; and for our industry to help those companies get ahead of the reputational risk and opportunities.
The EU’s regulations on data protection shows that for tech and digital companies, regulation and reputation have never been more intertwined.
Christopher Hall is a senior consultant at Bell Pottinger