Top 5 Unexpected Consequences of GDPR

Share this post:

The European Union’s General Data Protection Regulation (GDPR) is finally here, promising to put individuals back in control of their personal data and harmonize data protection and privacy laws across Europe.

But with the May 25 grace period deadline behind us, it’s becoming clear that the regulation will have far greater impact on business and society than intended. From sparking new-found trust in organizations, to paving new paths to AI, to actually creating a possible problem for cyber-security experts, the unexpected consequences of GDPR are profound. Here’s a snapshot of what we deem as the top five, with suggested courses of action for each.

  1. New Trust, New Relationships. A 10,000-person online poll conducted by Harris in April found only 20 percent of respondents “completely trust” companies to safeguard their data ( That’s certain to change with GDPR. With restored trust in tech, individuals may even want to share more precise data with companies in order to benefit from more personalized products and services in line with their interests and needs. As the world’s largest steward of enterprise data, IBM is calling on other companies not only to comply with regulation like GDPR, but to put in place deeper principles for data responsibility and trust.
  2. Paving a Path to AI. GDPR could be seen as a Marie Kondo for data centers. For many, big data has become a big mess. As a result, data scientists currently spend almost 60 percent of their time organizing and cleaning it before they do anything with it. In requiring companies to discover, organize, govern and catalogue their data – and deleting what they don’t need – the GDPR is actually helping organizations lay the foundation for machine learning and artificial intelligence – technologies that learn as they go and discover insights at speeds never previously possible. As Rob Thomas, General Manager, IBM Analytics, likes to point out, “Your AI system is only as good as the data that goes into it.”
  3. Curbing Cybercrime Stoppers. One of the more controversial consequences of GDPR that’s beginning to boil over is the unintended impact on Web domain registration information – the personal contact information for anyone who registers a web site. Such data, readily available upon request to registrars, has been a key tool for cybersecurity experts and law enforcement to quickly connect malicious domains to cybercriminals. As a result, these organizations have been able to do everything from blocking millions of spam messages from suspicious domains, to actually tracking down and prosecuting cyber criminals. But because of GDPR, domain registrars are no longer providing easy and rapid access to such data for fear of being non-compliant and hence, subject to GDPR’s hefty penalties. Regulators and tech experts are scrambling to hammer out a solution.  
  4. Advanced Encryption On the Horizon. GDPR is forcing companies to ensure the highest possible levels of protection and privacy – from hackers to data processors themselves. Fully homomorphic encryption – akin to sealing and analyzing data in an impenetrable bag – is seen as the Holy Grail of encryption technologies. It’s been in development for years but still isn’t quite fast enough to be viable; however, recent advances promise to accelerate its commercial availability. Companies are already using a new generation of pseudonymization technologies to strip out the most sensitive personal information from data, replacing it with something fake so it can be analyzed and shared while still respecting privacy. For example, the Dutch bank Rabobank is replacing the names of banking customers with the Latin names of flowers before sharing it with software developers for app testing. Necessity is the mother invention.
  5. A New Cottage Industry: The Data Trust. With data rapidly turning from a company’s biggest asset to its biggest potential risk, some businesses may choose not to manage any of their own data. Instead they may ‘offshore’ it to an expert third-party who can store, process and eventually delete the data in a way consistent with regulations like GDPR. These fascinating new entities are called “data trusts.” Earlier this year, IBM and MasterCard set up the industry’s first: ‘Trūata’ which promises to manage, anonymize and analyze vast amounts of personal information held by companies such as travel agents and insurers. It’s a bit like keeping money in a bank rather than hiding it away at home in order to benefit from better security and other value added services – only in this case, the data that’s put in the trust isn’t pooled or mixed together.

Overall, despite the effort involved, according to IBM research over 60% of business leaders see GDPR as a blessing in disguise: a way to drive digital transformation across the enterprise and innovate new data-centric business models. IBM’s take is that sometimes intense pressure and constraint lead to great innovation and that business leaders should embrace the regulation – they may be surprised by some of the benefits.


End of the beginning INFOGRAPHIC

Global GDPR Evangelist, IBM

More GDPR stories

World Community Grid Joins in the Fight Against COVID-19

Challenging times can bring out the best in people, and these past few weeks are proof-positive. Amidst a great deal of uncertainty, anxiety and frustration caused by COVID-19, it is heartening to see communities coming together (while standing six feet apart, of course) to address the pandemic. There’s so much to be done. One easy […]

Continue reading

When Working Remotely Creates Anxiety, Remote Resources Can Help Our Workers

Even in the best of times, more than 10 percent of the world’s population suffers from illnesses like anxiety and depression. Now, because of the coronavirus pandemic, we may be in the worst of times for mental health. A new U.S. public poll by Axios/Ipsos found that adults surveyed reported worsening mental and emotional health […]

Continue reading

Accelerating Digital Transformation with DataOps

Across an array of use cases, AI pioneers are employing a core set of new AI capabilities to unlock the value of data in new ways. According to the 2019 IBM Global C-suite study, leaders are using data 154% more to identify unmet customer needs, enter new markets, and develop new business models. These leaders […]

Continue reading