The General Data Protection Regulation (GDPR) is about to come into force and your business must be prepared. The regulation, which took effect on May 2018, will govern how organizations process, store, and protect data.
The GDPR creates obligations for businesses that handle data belonging to European citizens, whether those organizations are in the European Union (EU) or not. The regulation introduces data breach notifications into European law for the first time, making organizations responsible for managing personal data and imposing severe penalties on those that do not.
However, this new regulatory challenge does not have to be intractable. Smart executives who consider the three key areas of compliance, data protection, and customer control can turn what might otherwise be a bind into a business opportunity.
Gartner suggested that organizations are already at risk of drowning in data. As data sets grow and business processes become more complex, GDPR compliance will be a major hurdle for many organizations. The analyst firm predicted that more than 50 percent of companies will not be in full compliance with GDPR requirements by the end of 2018.
While the lack of preparedness is concerning, the GDPR provides a burning platform for your business to get its house in order. For example, embracing the regulation and tightening policies around the right to be forgotten will allow your business to stay compliant and ensure that marketing teams target interested customers.
Compliance should be addressed at the highest level. Under the GDPR, companies must appoint a data protection officer to set policies around the use of personal information. This top-down focus on cyber risk means your firm can create an integrated management view, complementing data protection practices with privacy and operations.
Consolidating data also enables organizations to develop a unified platform and a single, 360-degree view of the customer. With a joined-up approach to customers and data, your business can use information to create customer-centric services to help boost the customer experience and create a competitive advantage.
While May 2018 is a hard deadline, organizations will continue to face further demands to do more with data, particularly given the rise of the Internet of Things (IoT) and the use of sensor data. Managers must use GDPR as an opportunity to engender cooperation around the smart use of data and to build digital trust among valued customers.
Although the GDPR has been ratified by the European parliament, it imposes strict rules on firms processing data anywhere in the world. The rules are applicable to all EU member states, affecting international companies with European operations or customers. In a digital age of interconnectedness, no significant business will be immune.
A PricewaterhouseCoopers (PwC) report suggested that the threats of high fines and impactful injunctions have led many executives to reconsider the importance of the European market. Almost one-third (32 percent) of executives intend to minimize their presence in the EU, while 26 percent plan to abandon the market altogether.
Although complying with GDPR is costly, closing doors on a powerful, regional trading bloc could have greater revenue ramifications, particularly as the potential for global commerce continues to increase in the digital age. Smart organizations will embrace the data protection demands—and seize the opportunity to reduce data risk and customize policies and practices accordingly. To ensure data protection across the GDPR provisions, organizations will need to work with a host of partners, including technology vendors.
Your business must recognize that the management of these vendors will be a key challenge through 2018 and beyond. Interoperability across the technology stack, particularly between IoT systems and technology vendors, will become vital for firms looking to gain insight across their ever-growing data sets.
GDPR gives data control to your customers, providing enhanced digital rights for individuals and new legal obligations for businesses that gather and use data. The regulation will ensure that personal data cannot be used for a secondary purpose without consent. It will also establish new rights around data erasure.
The starting point for dealing with customer control should be a thorough understanding of the customer data your firm possesses. Your business must know if it holds personally identifiable information (PII), how that data is sourced and held, and who in the business has access to that knowledge, in terms of both viewing and processing.
Penalties for noncompliance when processing information belonging to European citizens are significant. GPDR will introduce fines of up to 20 million euros or 4 percent of annual worldwide turnover—whichever is greater. Globally, the potential cost of noncompliance could run into billions of pounds.
Still, taking control over the processing of data presents an opportunity. Customer control means your highly valued clients can take command over the portability of their data. Recognizing what data matters to your business—and how it must be stored and processed with consent—will help create a tight bond with customers.
Data professionals can use the looming GDPR as an opportunity to improve the quality of their customer data. By establishing a 360-degree view of customers, businesses can tailor services to reduce the likelihood of churn. Establishing governance for impending GDPR requirements can also help organizations deal with related regulations, such as those designed to prevent money laundering and fraud.
Do not wait for deadline day. By focusing on compliance, data protection, and customer control now, your business can use the GDPR as a platform to establish a new era of digital trust with your customers. Executives who excel across these three areas will enable their companies to generate value from GDPR this year and long into the future.