 Welcome back everybody, Jeff Frick here with theCUBE. We're in downtown San Francisco at LinkedIn's brand new headquarters up here at Data Privacy Day 2018. We're here last year, conference is growing, a lot more people here, a lot more activity. We're excited to have a sponsor, Craig Goodwin. He's the Chief Security Officer of CDK Global. Great to see you. Great to be here. Absolutely, so for people who aren't familiar, give us a quick kind of overview of what is CDK Global. Sure, so CDK Global runs automotive technology. So we enable technology for automotive dealerships, original equipment manufacturers, and we run a lot of the technology across the US and the rest of the world. So I think last estimate's about 500 billion worth of automotive transactions, whether buying a car, servicing a car, or went through CDK systems. Okay, so it's the systems, it's the business systems for these automotive companies. It's not like we were just in an autonomous vehicle company the other day, it's not those types of systems. Yeah, correct, I mean we're helping with that, right? So a lot of our technology is connecting with IoT and connected vehicles, helping to take in data from those vehicles to help automotive dealerships to service the vehicles or to sell the vehicles. So we ingest that data and we ingest that technology, but essentially we're talking about the data in the dealerships. Okay, so how have you seen things evolve over the last couple years? Well definitely with extra regulation, right? With people and the way that the privacy dynamic is changing, consumers are becoming much more aware of where their data is going and who's using their data. So we've heard an awful lot today about the privacy of people's data and how the industry needs to change. And I think consumers generally are getting much more educated on that. And therefore they're asking companies like ourselves who deal with their data to be much more robust in their practices. And we've also seen that in a regulation point of view, right? So governments, the industry are pushing businesses to be more aware of how they're using consumer's data, which has got to be a positive move in the right direction. Right, but it's kind of funny because on the flip side of that coin is people who are willing to give up their privacy to get more services. So you've got kind of the older folks who've been around for a while who think of privacy and then you've got younger folks who maybe haven't thought about it as much are used to downloading the app, click it on the ULA and their phone follows them everywhere they go. So is it really more the regulation that's driving the change or is it just kind of an ongoing kind of maturation process of stewardship? Is that what I would say? Yeah, it's a combination of both, I would say. And you make a great point there. So if you look at car buying, right, say 10 years ago, pick a number randomly, but 10 years ago, people wouldn't have been comfortable buying a car online necessarily. Definitely not all online. They'd have to touch it somewhere else, feel it physically, right? That's changing and we're starting to enable that automotive commerce so that it starts from the online and ends up in a dealership still. So they actually sign the paperwork but essentially they start that process online. And that's making people more aware, as you say. I think some of the regulation, you look at GDPR in Europe, spoke about that a lot today, naturally. And some of that regulation is helping to drive companies to be more aware. But where I see the biggest problem is with small to medium-sized businesses. So I think if you talk to larger businesses, you were speaking to Michelle from Cisco. Some of those larger businesses, this privacy thing's been built in from the beginning. Companies like CDK, where we were aware we were dealing with a lot of data and therefore the GDPR regulations is more of an incremental change. It just ramps up that focus on privacy that was already there from the outset. The biggest problem and where we see the biggest kind of change here is in the smaller to medium-sized businesses. And that's talking about dealerships, smaller dealership groups where perhaps they haven't been so aware of privacy. They've been focused on the sales and not necessarily the data and technology. And GDPR for them is a significant step change. And it's down to industry and larger vendors like ourselves to reach out to those smaller dealerships, those smaller medium-sized businesses and help them to work with GDPR to do better. But can they fulfill most of their obligations by working with companies such as yours who haven't baked into the product? I would imagine that's the solution, right? If you're a little person, you don't have a lot of resources. And I would say it's about sharing in the industry, right? So it's about reaching out. We talked to Cisco today about how they're building it into their technologies. A lot of the smaller businesses use companies like CDK to enable their technology. So there's an awful lot we can do to help them, but it's not everything, right? So there are areas where we need to educate consumers a lot better, where they need to work with the data and work with where the data goes in order to understand that full end-to-end data flow within their systems. You know, we work a lot of dealerships who perhaps don't understand the data they're collecting, you know, don't understand the gravity of the information that they're collecting and what that truly means to the consumer themselves. So we need to educate better. We need to reach out as bigger organizations and teach smaller businesses about what they're doing with the data. And was there specific kind of holes in process or in data management that the GDPR addresses that made a sea change? Or is it really just kind of ramping up the penalties so you need to really ramp up your compliance? Well, it really is incremental, right? So if you look at things that we've had in Europe for a long time, the Data Protection Act that was around since 1999, for example, or 1998, apologies, it's a ramp up of that. So it's just increasing the effectiveness. If you look at the 12 points that exist within GDPR about what you need to know or a consumer should know about their data, rather than just who's collecting it, it now includes things like when you change that data, when it moves, who it goes to from a third party perspective. So really it's just about ramping up that awareness. Now what that means for a business is that they need to know that they can gather that data quickly. So they need to be clear and understand where their data is going. And CDK is a great example of that. You know, they need to know what data they're sharing with CDK on what systems it exists. And in fact, how they would remove that data if a consumer was asked for that to happen. You know, as we know in the cloud, there is no deleting, right? It just isn't in the cloud. It's there forever. I mean, it really drives home kind of an AS, you know, application service provider services because there's just, I mean, there's no, I could just see the auto dealership, right? Some guys got his personal spreadsheet that he keeps track of of his favorite customers. Clearly, I don't think that's probably falling in compliance. Absolutely. Yeah. And it can, right? You can work really hard. So it is a process problem. You identified that before, right? There is a lot of process here. Technology isn't a golden bullet. It's not going to solve everything, right? And a lot of it is process and mentality driven. So we need to work with people to educate them. And then there's a big emphasis on the consumer as well. I think we focused on business here, but there's a big emphasis on the consumer for them to begin to understand and be better educated. We heard from some government representatives today about educating consumers, right? And you mentioned millennials and the various other groups that exist. Right. And it's important for them to understand where their data is going and where it's being shared. Because quite honestly, we had a couple of really good stories today about privacy and security professionals really not having a genuine understanding of where their data is going. So a regular consumer, someone that goes to buy a car, you know, how can we expect them without education to really understand about their data? Then what about just to jump on it? Because obviously you're from the UK and we hear all the time, right? That there's more close circuit cameras in London than probably any city else. So from, and don't answer, you don't know that. Question, but like from a government point of view, and, you know, let's just take public red light cameras. There's so much data. So is the government in a position? Do they have the same requirements as a commercial institution and how they keep manage and stand on top of this data? Yeah, absolutely. So I think, you know, having come from a government background initially, I think the rules and regulations there are much more constrained, constrictive than perhaps commercial side is. And I think what you'll find is a lot of the government regulations are now filtering through into the commercial world. But actually what we're seeing is a bit of a step chain. So previously maybe 15, 20 years ago, the leader in the industry was the government, right? So the government did the regulations and it would filter through commercial. Actually what we've seen in the industry now is that it's flipped on its head. So a lot of the stuff is originating in the corporate world. You know, we're close to Silicon Valley here, the Facebooks of the world. You know, a lot of that stuff is now originating in the commercial side. And we heard from some government people today, you know, the government are having to run pretty fast to try and keep up with that changing world. And a lot of the legislation and regulation now, actually, is a bit historic, right? It's set in the old days, we talked today about data and watching you move around and geolocation data. You know, a lot of that legislation dealing with that is probably 10, 15 years old now and exists in a time before you could track your phone all over the world, right? So governments have to do some more work. I think ultimately, look at GDPR, I think ultimately the way to change the industry is from a basis of regulation. But then as we move through, it's got to be up to the companies and the commercial businesses to take heed of that and do the right thing, ultimately. It's just so interesting to watch. I mean, my favorite is the car insurance ads where they, you know, they want to give you the little USB Gizmo to plug in to watch you. And it's like, well, you already have a phone in your pocket. You don't really need to plug it in and all your providers know what's going on. So exciting times, another good opportunity for you. Yeah, absolutely, absolutely. I hope so. All right, well, Craig Goodwin, thanks for taking a few minutes and sharing your insights. Appreciate it. Appreciate it. All right, he's Craig, I'm Jeff. You're watching theCUBE. We're Data Privacy Day 2018. I can't believe it's 2018. Thanks for watching. We'll catch you next time.