The General Data Protection Regulation (GDPR), Europe’s long-awaited privacy law, went into effect in May with much fanfare and many a new website pop-up, requesting user agreement to privacy policies.
How’s it going? Consumers may be frustrated by (and still not aware of the reasons for) all that clicking, but Caroline Louveaux, Executive Vice President and Chief Privacy Officer at Mastercard speaking at the Fortune Most Powerful Women International conference in Montreal, Canada Tuesday morning gave the law high marks. “There have been many benefits for us,” she said, adding that for the financial payments company, GDPR has “not been a revolution, more an evolution” thanks to Mastercard’s previous efforts and investment around privacy.
Specifically, she highlighted the harmonization of laws GDPR provided and the positive impact that has had on business. Previously, Mastercard had to address a patchwork of regulation across the continent. “Just one law for all activities across Europe is priceless,” she said, adding that she hopes the U.S. will harmonize its many, varying laws too.
Louveaux remarked that the GDPR has also provided Mastercard a valuable opportunity to rethink their product development process. She said that it is essential that companies now embed privacy in products and services by default, a process known as “privacy by design.”
It’s also been an important opportunity to raise awareness about data privacy, said Louveaux. Mastercard has used the moment to educate employees on the topic, from the product and sales team to the CEO.
While rating the new law favorably, Louveaux conceded that GDPR brought many challenges too, particularly the need to update all contracts with customers and partners—Mastercard has “tens of thousands” of both, she said—with very specific language depending on the roles and responsibilities of those handing data. “It was a bit painful, but we made it,” she said.