Unless you’ve been living under a rock for the last few months, you’ve almost certainly heard about the General Data Protection Regulation (GDPR).
Despite the decision being taken to implement the regulation in 2012, it has taken 4000 amendments, a feisty parliamentary debate and strong pressure from lobbies and internet companies for the new regulation to come into force on 25th May 2018, almost six years later. The GDPR marks a drastic change in the way we will have to handle privacy: no longer simply a compliance exercise, data privacy will instead become a matter of (good) corporate governance.
For organisations that have already taken the decision to integrate GDPR into corporate governance, the roadmap to compliance may not be as complicated – but the key point is that the GDPR will introduce a new approach to privacy and data governance, making it process and risk based rather than purely policy focused.
It’s a cultural shift – and a very positive one. Whilst data is seen as the most important asset businesses have, citizens do not seem to trust organisations handling their information and it’s hard to blame them after the recent news about data breaches in the NHS or Halifax.
Taking individuals' rights seriously will almost certainly provide businesses with a competitive advantage. Empowering your client base by asking them to decide how they want to receive information, making privacy part of the customer journey and being very clear with customers about what happens with their data will help businesses thrive and leverage their main assets: data and customers.
These days, there is a lot of buzz around GDPR with new products popping up every day – be it a new tool around consent or a new system to analyse the data you hold. These solutions are leading the way and it is good to see so many organisations coming to terms with the importance of good data governance.
However, there are also a lot of myths and fear-mongering announcements, from huge fines about to hit companies to claims that all data must now be encrypted.
GDPR is first and foremost a transformation programme and good programme management is therefore a key part of it. Second, GDPR is about a cultural shift within organisations and needs the whole business to pull together in order for it to be successful. Finally, the GDPR is about risk assessment and creative solutions focused on the nature of each individual business – and this is where legal and technology pull together, as technology is there to leverage privacy and make it work.
Ultimately, this is a great chance for organisations to become more competitive, improve customer care and improve global reach, as GDPR may become the international standard for the protection of personal data not only in the EU, but globally. Good strategic advice is crucial to success and provides the ability to make the most of the opportunities ahead.
If you would like to find out more about GDPR, you can visit our dedicated page or you can download a number of our thought leadership pieces:
- Virtual Data Protection Officer product sheet;
- GDPR insight paper;
- ISO 27001 and GDPR; and
- GDPR Factsheet.
Alternatively, if you would like to contact us, please do so on +44 (0)20 7090 1091 or at firstname.lastname@example.org