You shouldn't need GDPR to tell you how to treat your customers

GDPR 2016 is now in force. But the sentiments behind it have been growing for years.

The real shame is that most businesses didn't design privacy rights into their operations.

I'm sure you've received a raft of privacy policy updates these last few weeks as newsletters and subscription services come in under the wire. If you read the fine print (do you?), you'll see that you now have the right to know how your data is being used, and to withdraw it at any time.

I recently spoke with a victim of identity theft. If you doubt the right to privacy, consider how you would cope with 5 years of poor debt rating, or being mistaken for a criminal.

It seems that privacy has been in the news since the day we found ways to disrespect it. In a world where data is more valuable than oil, businesses are conflicted between respect and revenue. Regulation is one way to mitigate this conflict by reminding the forgetful and detering the malicious.

And though GDPR only applies to companies who wish to conduct business in the EU, its benefits should be global. While the regulations introduce costs that many will detest, they are simply mandating that privacy be designed in to any business that deals in other people's data.

The issue here is that privacy—like Y2K—was not designed in from the beginning. If that need had been universally foreseen, there's no reason why providing individuals with control over their own data would be more costly.

We only have to look at Facebook's positive reaction to the recent storm around their custody of users' data to see how this is possible.

Have you overlooked anything?