First adopted in April 2016, the General Data Protection Regulation (GDPR), which becomes enforceable on May 25, 2018, has been met with widespread controversy. Many of its elements – including the need for many organisations to have a Data Protection Officer (DPO) – have been seen as burdensome, while others have accused it of not being thorough enough, highlighting its focus on cloud providers and social networks rather than the handling of employee data.
Yet wherever you sit on the “positives” and “negatives” of GDPR, the reality is that it’s coming and it’s going to change the way most of us do business. So now perhaps is the time to look on the bright side and see how you can make it work for your organisation.
So, what are the changes?
The changes under GDPR are quite extensive, but here is a brief breakdown:
Organisations will now be more accountable for personal data protection. They will need to have security measures to protect against data breaches and make sure they quickly notify individuals if a breach does take place. In addition, depending on your processing activities, you might need to have a Data Protection Officer who firmly understands data privacy and has the ability to apply it to law.
Firms will need to examine their data and the way they handle it much more effectively so that it is secure right along the chain, an approach known as privacy by design. There should also be increased transparency in terms of both data and data transfers.
Enforcement of data protection will now be stronger than it has ever been, with data protection authorities having more power than ever before. Fines can be as much as four per cent of your revenues globally.
So, how does this benefit your organisation?
There are actually a host of potential benefits that come along with GDPR. Here are just a few:
Enhancing security is never a bad thing
In a year in which we’ve seen such notable cyber hacks as WannaCry and Petya, not to mention giant firms like Yahoo and Uber being breached, impacting millions of users, should we really complain about something that is designed to ensure we take data security seriously? The impact of a cyber breach can be massively significant – not just the potential ransom that might be attached to ransomware and the downtime that your firm may suffer, but also the harm to its reputation. The measures introduced by GDPR are designed to minimise the impact of a breach and help to limit the chances of one taking place in the first place. That should be embraced.
Getting to know your customers
While compliance may be complex, there are many benefits to be gained because the individual is front and centre of the requirements. GDPR establishes regulations for companies to adhere to around personally identifiable information – and to do that, they must first identify that data, determine how to process and store it, and then make decisions about its usage. By organising data you could gain valuable insights about your customers and then leverage these in your customer service as well as your marketing and sales campaigns. Do it right and what seems like a headache could quickly turn into a money spinner.
It may not be as hard as you think
Compliance doesn’t have to be a tumultuous task. A number of banks have already turned to operational data hubs that are built on a NoSQL database – this automates a lot of processes and reduces the risks of not finding data or not being able to carry out certain actions within a set timeframe. This in turn should help you avoid those dreaded fines.
Improving your reputation
Given the present climate, customers are actively looking for assurances that their data is safe. By not only meeting the regulations of GDPR, but potentially surpassing them, your business can stand on a stronger footing. Indeed, taking steps to go beyond the norm could differentiate you from competitors – think of a bank that lets customers store their own data, or an online retailer that offers incentives to customers to supply data rather than simply using a third party for targeted marketing. With many organisations looking to just hit the bare minimum in terms of GDPR compliance, you can stand out from the crowd.
Taking advantage of change
Many firms are already seeing the positives of GDPR. Broker Network, the UK’s largest network of insurance brokers, recently told Insurance Business that GDPR is an “opportunity for them (brokers) to go out and speak to their customers.” It noted that a breach occurring is actually a much higher risk than a flood or a fire – and so by brokers helping businesses to apply GDPR and mitigate this risk, there are savings to be made for client and broker alike.
Indeed, that applies to a variety of businesses – you now have the chance to get to know your customers on a new level, apply that to your marketing and sales, offer a cleaner service and also protect your reputation. GDPR compliance is going to take some work – but when that finishing line is passed you’ll feel like your business is the real winner.