The memories we choose to keep
OPINION:
Rob Cameron passed away last week.
Doyen of the investment banking community, the driving force behind many of the privatisations that came out of the fourth Labour Government and the intellectual horsepower behind everything from the Capital Markets Taskforce to the Fonterra Shareholders Fund; Cameron cast a long shadow across the business landscape.
I first met Rob in 1994. He and his two partners in crime, Murdo Beattie and Ian Dickson, were working on the securitisation of Mortgage Corporation loans and approached Logos (where I worked) for a hand with the communications. Rob was smart, effulgent and completely without ego. We got talking about hunting and TV theme tunes; and a friendship was forged.
Soon after this, the three of them left Fay Richwhite to set up Cameron Partners and our paths continued to cross as Cameron got increasingly involved in digital businesses and market restructuring.
Outside of work, I was lucky enough to periodically go deerstalking with Cameron and enjoy his razor-sharp mind and wonderful bonhomie. Not to mention his excellent singing voice.
Like many, I saw him apply that mind to the challenge of cancer and, through careful diet and supplements, get another eight years of active living and giving back to the community.
One of the things I remember Cameron saying in the planning stages of a transaction was: ‘‘What are the gotchas we need to look out for, what’s going to bite us on the bum’’?
It’s a good question and a timely one as a quiet change creeps up on thousands of Kiwi companies which do business in Europe. It’s all about data, and specifically the protection of personal data.
The General Data Protection Regulation (GDPR) is a new European Union data-privacy law. It comes into effect on May 25, less than three months away.
GDPR creates one single data protection framework across the entire European Union and gives all Europeans substantially improved privacy rights.
It includes some pretty bleeding-edge initiatives, including not just the right to access personal data held by private companies, but also the right to get that data digitally for free, and to port it to another controller.
It also includes the right to be forgotten. Also known as Data Erasure, the right to be forgotten means you can require the data controller in a company to erase all of your personal data and halt third-party processing of that data.
Often described as being the nirvana of privacy, the right to be forgotten will be law in the EU in three months’ time.
European companies that do not comply with GDPR face fines of up to 4 per cent of their financial turnover or up to €20 million (NZ$38.8m).
This not only puts all those businesses on watch, but also extends to the companies they do business with, even if they aren’t in Europe.
Yep, you heard that right. If your company does business with a European company, or if it holds the personal data of European residents, then it needs to be GDPR compliant before the law comes into effect.
It doesn’t matter if your company is physically in Europe or just deals with them digitally, the same rules apply.
Equally, if you only do business with British companies, you are still caught as Brexit hasn’t happened yet, and even when it does, the Poms are likely to put in place the same law or something pretty close to it.
The implications of this are significant. If you are a small startup offering a web service used by just a few European residents or businesses, then you must comply.
Likewise, if you are a huge company with tens of thousands of European clients, like Air New Zealand, Fonterra or Xero, you are caught.
At a minimum you need to create a register of what European private data is held and why, work out how long you need to hold that data and get permission from the people for certain classes of data to be stored (particularly sensitive data like biometrics).
You also need to appoint an EUcompliant data protection officer. Significantly, if a consumer asks you to permanently forget them, then your systems need to allow for this.
If you are a chief information officer reading this, then you will know it’s not as easy as it sounds.
While there was a bit of noise about this last year and a useful overview by New Zealand Trade and Enterprise, it’s been quiet as a grave this year and many companies will have simply never heard of it. Companies that could get bitten on the bum.
Another of Cameron’s phrases was: ‘‘What’s the upside here?’’ In the case of GDPR, there’s a decent upside for Kiwi companies complying.
First, there’s the opportunity to strengthen customer engagement by asking them for permission to keep in touch for useful purposes and to correct any inaccurate data.
Then, once you are compliant, there’s the opportunity to harness it as a differentiator against competition, or better still, go into the business of doing overnight batch processing of European data.
Sounds a nice little opportunity. Too bad Cameron isn’t around to have a crack at it.
❚ Mike ‘‘MOD’’ O’Donnell is a professional director and writer. His Twitter handle is @modsta and he has fond memories of singing Beatles songs with Rob Cameron at Te Awaiti Blowhard Hut.
The implications of this European privacy law are significant.