In an attempt to understand and redeem the word, we spoke to some GDPR specialists to help us turn this frog into a fairy tale prince.
We spoke to:
Q: Are there any hidden opportunities in GDPR?
JB: The human side of GDPR will be equally as important as the data. Effecting culture changes across organisations with regard to how we collaborate, how we protect our businesses and how we incorporate new methodologies will be pivotal in the future of employment. It will take more than a morning group session in the conference room, but may have a much wider impact than we think.
DD: Absolutely. Through GDPR-compliance projects companies get a much clearer view of their own processes, including who in the company collects data and what kind of data is collected. This in turn often leads to improved organisational or cost efficiencies and better or combined data management between departments.
JC: There are definitely opportunities hidden in GDPR, ranging from simply gaining more control of your company and customer data to more subtle improvement of your brand presence.
Q: What should I expect GDPR compliance to cost my company?
JB: This is inherently a trick question because not only is it dependent on what your company does and what processes are employed to achieve this, it is also much more than a ‘throw money at it and it will go away’ type of compliance. Contrary to some popularised beliefs, the biggest threats to our data systems are not malicious hackers hell-bent on bypassing your firewalls, but more often careless and negligent employee behaviour that invites opportunism. The average employee is often an unwitting data breach because they have never been appropriately trained in basic data security.
Q: What are the three most important things to do when implementing GDPR?
DD: I can easily think of 10 important things to do, but my top 3 would be:
JB: My top three are:
JC: I would suggest that all companies:
Q: Finally, what is the one piece of advice you would give companies regarding GDPR?
DD: As a lawyer and data protection officer I mostly tend to look at GDPR in terms of what to do when it goes wrong. It is my opinion that (especially large) organisations can never be fully GDPR compliant and that it is more important to show that you are making every effort to do so. By that I mean that you should always be able to provide proof that you have protected and are continually protecting the rights of the ‘Data Subject’. Obviously I can’t make any guarantees, however this should stop you getting fined and limit consequences to constructive feedback from your local Data Protection Authority.
JC: My one piece of advice would be to take GDPR seriously. Understand your current position, build a plan to become compliant, budget realistically and start to execute the plan.
JB: I think I can only re-iterate my point regarding the human factor of GDPR compliance. Every employee needs to have a basic understanding of the new digital age in which we operate and be equipped to take suitable precautions accordingly.
Beyond all the rules and regulations, it’s important to look at GDPR as an opportunity as well, as a chance to create an in-depth understanding of your business and to delve deeper into your existing business processes. You may not be ready to shout “long live GDPR” yet, but don’t settle for doing the bare minimum without considering all the potential benefits GDPR can bring your company!