The arrival of the new General Data Protection Regulation (GDPR) is now just a matter of months away. As a result, millions of organisations across the UK will be stepping up their efforts to ensure compliance as we edge closer to 25th May 2018.
GDPR will be the biggest overhaul in data protection law in over 25 years. The result of four years of consultation by the European Union, GDPR will replace the current 1998 Data Protection Act. Under the new regulation, organisations will be required to abide by stricter legal guidelines on how they process personal data.
At its most basic level, GDPR will require companies to provide consumers with clear and transparent guidelines about how their personal data will be stored and used, whilst also granting them quick and easy access to this data. As a result, these regulations will effectively democratise data privacy for consumers, as businesses will need their explicit consent before storing or processing personal data.
These new rules come after various high-profile cases across the continent in which data privacy was compromised in ways previously unheard of. For example, Facebook received a €1.2 million fine from Spanish courts earlier this year for violations of data security, as data on religious beliefs, ideologies, and preferences was illegally used for advertising purposes.
Although this may seem like a hefty price to pay, the cost is negligible for a company the size of Facebook. However, the penalties that companies could receive for failure to comply with GDPR could be much higher – up to €20m or 4% of their annual turnover, whichever is higher.
This may seem like a daunting prospect, but most companies should see GDPR as a positive opportunity for change, rather than a threat. After all, the rules set out by GDPR may finally give them the impetus they need to modernise their systems and improve their data protection policies.
GDPR: an evolution, not a revolution
There’s no denying the short-term effort that will be needed to achieve compliance with GDPR. However, the work required will largely depend on the extent to which an organisation has already met existing data protection standards.
For some companies, this is good news – but unfortunately, many of the UK’s least digitally mature organisations still fall foul of the 1995 Data Protection Act. For these businesses, the investment needed to comply with GDPR should simply be viewed as the deferred cost of work that should have been done to improve data security years ago. Seen in this light, GDPR is not a revolution, but an evolution.
It’s important to realise that the digital landscape is always evolving, and that GDPR is simply the latest development. With digital transformation on the agenda for many businesses, GDPR is a great opportunity to bring a company’s systems out of the dial-up era and into the cloud computing age. Who knows, it could even pave the way to other progressive technologies like chatbots and AI.
This kind of future-gazing attitude to GDPR is necessary to make it a success. Those who can look beyond the short-term pain of compliance will be able to see the long-term benefits that GDPR will have for the security of their customers’ data.
A trust-building exercise
The average consumer was once blissfully ignorant about how businesses were using their personal information. However, today’s consumers are now savvier than ever when it comes to data storage and usage.
For businesses then, there is a certain amount of consumer trust that needs to be gained and maintained, and GDPR is a great place to start. Those companies that can embrace this new legislation and show a willingness to comply will send a clear message that they really care about protecting the data privacy rights of their consumers.
Viewed in this way, data protection can be seen as an act of corporate social responsibility as much as a legal requirement. As a result, businesses can use compliance with GDPR to boost their public image and win the trust – and loyalty – of their customers.
Focusing on positive outcomes like these is important, as GDPR compliance is an inevitability that all businesses will need to face. Any changes that are required will need to be incorporated into everyday processes and acknowledged and implemented by all employees, from senior management to the most junior members of staff.
Compliance with GDPR will no doubt require a fair amount of digital heavy lifting and a clear company strategy, but businesses should not ignore the many opportunities created by this regulation. It may seem counter-intuitive, but those with the most work to do actually stand to make the greatest gains. By embracing this change with a positive attitude and a focus on improving current systems, these organisations can reap rewards far beyond compliance alone.
Sourced by Jim Bowes, CEO and founder of Manifesto