Data awareness is a community effort: Larger companies need to share their knowledge to help everyone become data privacy savvy.

May 25, 2018, marks the implementation of the General Data Protection Regulation, which affects any business with European operations. Big deal? Maybe not for larger companies who just need to ramp up existing procedures, but it could mean a significant step-change for small and mid-sized businesses who have traditionally worried about making sales more than protecting customer data.

“It’s about sharing. It’s about reaching out,” says Craig Goodwin, vice president and chief security officer of CDK Global LLC, which provides information technology and digital marketing solutions to the automotive retail industry. “There are areas where we need to educate consumers a lot better — where they need to work with the data and work with where the data goes — in order to understand that full end-to-end data flow.”

Goodwin spoke with Jeff Frick (@JeffFrick), co-host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the Data Privacy Day event in San Francisco, California. They discussed the evolution of data privacy concerns, as well as how businesses are dealing with new data privacy regulations, such as GDPR.

Education is the big guy’s responsibility

GDPR is no big deal to CDK, according to Goodwin. The company is ramping up its “focus on privacy that was already there from the outset,” he said. While dealerships who use CDK’s software have the benefits of baked-in security, they may not understand the gravity of the consumer information they collect.

Goodwin believes that as well as providing technical solutions, companies like CDK have a responsibility to educate smaller companies so they are aware of the full end-to-end data flow within their systems. The questions to ask, according to Goodwin, are: “What data do you have?” “How are you sharing?” and, “Could you remove data if a consumer asked?”

Widespread education on data privacy is essential as new technological advances provide more and more access to private consumer data, Goodwin pointed out. Traditionally, the government sector led the field in safeguarding data privacy, and regulations filtered down to the corporate world. But today, privacy regulations are originating in the corporate world, and the government has to run fast to keep up.

“I think, ultimately, the way to change the industry is from a basis of regulation. But then as we move through, it’s got to be up to the companies and the commercial businesses to take heed of that and do the right thing,” Goodwin concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Data Privacy Day.

Photo: SiliconANGLE