This is a bold statement but your personal data itself has indeed no economic value. It is your processing of personal data that creates value for your business.
By way of example, when someone posts a cuisine recipe on Facebook, this information is of no interest whatsoever to anyone. But when that information is available on millions of people, Facebook can mine the data and process it, for example to inform menu decisions in a recipe book. Facebook has created value from a worthless piece of data!
Whether you process personal data for customer management, direct marketing or other purposes, you are building a collection of intangible assets (similar to intellectual property rights) that require attention and protection.
Your data should be regarded as trade secrets … and protected as such!
At the very minimum, you should treat this data as your confidential information or as your trade secrets. Trade secrets give you a competitive advantage, but only as long as they remain secret. So you need to take steps to protect the confidentiality of your information.
You also need to consider the protection of the individuals who entrusted you with their personal data. If you fail to do so, some individuals may take offense and file a complaint against you. Even if the complaint is unfounded, the publicity surrounding it may stain your reputation.
Implementing the GDPR will help you understanding the value of your data
This is where the new General Data Protection Regulation (GDPR) steps in. Contrary to a widespread belief, the GDPR recognizes the economic value of personal data and aims at providing a level playing field for all businesses that make use of the data. The GDPR explicitly recognizes “the importance of creating the trust that will allow the digital economy to develop across the [EU] market” (Recital 7, GDPR) and endeavors “to remove the obstacles to flows of personal data within the Union” (Recital 10, GDPR). More specifically, “to prevent divergences hampering the free movement of personal data within the internal market, a Regulation is necessary to provide legal certainty and transparency for economic operators, including micro, small and medium-sized enterprises” (Recital 13, GDPR). The GDPR goes even further by stating that “The proper functioning of the internal market requires that the free movement of personal data within the Union is not restricted or prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data” (Recital 13, GDPR).
In other words, the GDPR isn’t about creating barriers for data hungry businesses, it is rather about raising awareness of the value of personal data. Implementing the GDPR in your business isn’t just a compliance activity, it is an eye-opener for the management to take stock of the value of such data. Implementing the GDPR will reveal to you the economic value of the personal data you process, so that you will be in a position to treat it as any other valuable intangible asset.
How can we help you?
We at CALYSTA specialize in the protection of intangible assets and would like to share with you how you can valorize and protect your personal data. Our methods are non-disruptive, business oriented, cost effective and tailored to small and medium companies. Our GDPR expert Guy Breitenstein is a Data Protection Officer certified by the Solvay Business School.
If you are interested in learning more about how CALYSTA can support you in the valuation and protection of your personal data, please click here and we’ll be in touch.