Jon Cooper, Company Secretary at SteelEye, a compliance tech and data analytics firm, and Director of CooperFaure Accountants, discusses how businesses can begin preparations for GDPR’s impending deadline and the benefits they may see as a result.
The EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 and will impact almost every company that deals directly with customer data. Whilst nine months may seem far away, the time to start planning is now. The resources associated with implementing GDPR procedures may be costly for businesses, but they are a fraction of the costs associated with non-compliance, including fines of up to 4 per cent of annual turnover or €20 million, whichever is higher.
Although meeting the strict compliance requirements may be seen as a burden for many, GDPR can also serve as an opportunity for businesses big and small to benefit in the long term. Among these key benefits are the ability to increase data security, enhance customer centricity, stimulate innovation and improve brand confidence among customers.
Preparing for Implementation
When preparing for GDPR, one of the first steps businesses should take is to fully communicate the new policies and systems to staff. Prior to the implementation date, a firm’s management team must ensure all staff receive comprehensive training in business practices, protocols and internal procedures.
Updating and managing current data will also help ensure businesses are in line with regulations for May 2018. If your business relies on individuals’ consent to process their data, now is the time to begin reaching out to them for approval and to validate that you received it prior to GDPR coming into force. As the business will be responsible for data security, stored data should be reviewed for obsolete and duplicated information. Holding unnecessary and multiple versions of data will only increase your chances of non-compliance or data breaches that come at a very heavy price.
To manage these requirements, firms that do not have the resources to introduce a compliance or data officer role should consider an external risk assessment or a third-party system. This will help to guarantee you are in accordance with GDPR principles, including those on data collection, reporting and security.
Apart from these measures, businesses should be proactive by preparing a contingency plan for a possible data breach and continuously reviewing organisational practices.
Monitoring for any new guidance, continuously reviewing policies and improving procedures will help firms to capitalise on the key potential benefits of GDPR, such as the ones I list below.
- Increase data security
GDPR will shift the way businesses think about data security, making them responsible for how they collect, store and use personal data. The strict guidelines around data security will make businesses less vulnerable to security threats, data loss and breaches, thereby decreasing the likelihood of brand and reputational damage as well as regulatory fines.
- Enhance customer centricity
Many firms currently have an overwhelming amount of customer data stored in their systems with little guidance or understanding of how to use it. GDPR promotes the cleaning of databases that will improve the overall quality of stored data. An increase in specific, personalised data will allow businesses to improve communications with existing and potential clients by sending them more relevant content, responding faster to requests and engaging with them in a way they prefer.
- Stimulate innovation
GDPR is an opportunity for firms to improve their existing processes and gain a competitive edge. Improved data storage systems can establish patterns and trends, enabling businesses to innovate and even launch new products based on organised data. GDPR also levels the playing field for businesses, with those that are the most transparent and secure likely to succeed in attracting new customers and retaining existing ones.
- Improve brand confidence among customers
Now more than ever, consumers are well aware that their personal data is of great value to businesses. GDPR clearly outlines the individual’s rights, including how a company can use their data, that they are able to have it changed or corrected or, under the right to be forgotten, can request that their information be removed entirely. A transparent implementation of GDPR will show that a business is taking control over personal information seriously. In turn, this will create stronger trust with their customers, making them more likely to share relevant data.