The EU General Data Protection Regulation (GDPR) is a significant piece of legislation, as it is likely to impact quite a few industries. Let’s see which industries may be the most affected, and how.
Why would GDPR impact industries?
Almost all industries participate in the processing of personal data in one or more processes. And, GDPR is a set of rules that provide guidance for the processing of personal data. Consequently, all organisations across industries would need to adopt procedures, policies, and systems to become compliant with EU GDPR.
Which industries would see a significant impact from GDPR?
Whilst GDPR will touch most industries, some industries will be impacted more than others. Let us see which ones would be on this list.
- Industries that provide services to individual customers: Industries wherein the core business is to provide services to individual customers generally include the processing of personal data on a large scale. These industries would include financial services, insurance, retail, etc. All of these companies would need to take significant steps to comply with EU GDPR.
- Industries that provide marketing, business, process and system support services: A significant number of organisations provide business, process or system management services. All of these companies will become processors of personal data on behalf of their controllers (by whom they are contracted). While their controllers need to be GDPR compliant, GDPR also demands that processors be GDPR compliant, and they have the same liability if they do not fulfil obligations. These organisations will include cloud-based services, platform-based services, law services, analytics, event management, marketing companies, etc.
- Automobile industry: Most automobile manufacturers love to collect and process personal data about who buys their products. But, with GDPR being applicable, these companies would need to be more transparent with regard to what data they have, what they do with it, and why.
How would GDPR impact industries?
In my view, industries would be impacted in the following ways:
- Processing of personal data of employees: It is difficult to imagine an organisation with no employees; i.e., all organisations have employees. And, employees are data subjects that come under the purview of GDPR. So, all organisations need to adopt more transparency and take more accountability in the processing of the personal data of their employees.
- Processing of personal data of sales contacts: It is difficult to imagine an organisation that has no clients. The very purpose of the existence of an organisation is to serve clients. Even if the client of an organisation is another organisation, the contacts are natural persons. And, executing sales contacts, keeping their data, etc. are activities that would be classified as processing of personal data. Hence, organisations across industries would need to ensure that this processing is in line with GDPR requirements.
- Appointment of a Data Protection Officer: Most organisations that process large volumes of personal data would appoint a DPO. And, this shall happen across industries to be compliant with GDPR. Of course, there would be small companies that process very little data and offer platforms only. But, to demonstrate that their platforms comply, they would most likely choose to have a DPO. See also: The role of the DPO in light of the General Data Protection Regulation.
GDPR impacts organisations across all industries. Have you started your GDPR implementation? If not, there is still time to evaluate how your organisation is likely to be impacted, and to take the necessary steps. Don’t wait, and act now before it is too late.
To learn how to comply with the GDPR, download this free EU GDPR Implementation Diagram.
To find out the four main questions for obtaining and managing data subjects’ consent under the GDPR, see this article.