With just over three months left to prepare for the new General Data Protection Regulation coming into force on 25 May 2018, many businesses view GDPR as a four letter word.
Driven by the ‘stick’ of significant fines and reputational risk, many businesses have adopted a GDPR plan to address compliance in time for the new regulation – but what many businesses overlook is the ‘carrot’ of the GDPR and some of the opportunities it offers.
REDUCED DATA STORAGE COSTS
Carrying out a data mapping and data flow analysis allows companies to improve their understanding of their data. During an exercise of this nature many businesses find that personal data is replicated in several repositories across the organisation. Applying the data minimisation requirements of the GDPR encourages businesses to consolidate information into a single source and this can significantly reduce data storage costs.
CYBER SECURITY AND OUTSOURCING
Compliance with the GDPR’s requirements to put in place appropriate “technological” and “organisational” measures to ensure data security is an opportunity to address the ever- increasing threat of data security breaches. TalkTalk is an example of a company whose business has been significantly impacted by two different types of security breaches – one technological (a cyber-attack) and the other organisational (individuals at its IT services company in India unlawfully accessed the details of customers). As well as incurring an initial fine of £400,000 in 2016 and a further £100,000 fine in 2017, the impact of data security breaches on TalkTalk’s reputation has been devastating.
GDPR compliance projects provide an ideal opportunity for businesses to review their cyber security measures (the technological measures referred to in the GDPR) and put in place pro- cesses and procedures (organisational measures under GDPR) to reduce the likelihood of breaches due to human error – according to market research more than half of data breaches arise from employees’ careless behaviour.
Outsourced processing is another area of risk and the GDPR mandates the use of contracts with outsourced data processors and stipulates a number of requirements that must be placed on processors via contracts. As data controllers, businesses will therefore be in a position to place clear obligations (including rights to audit) on processors.
One of the outcomes of a GDPR data audit is a clear picture of personal data, particularly as it relates to customers and prospects. By properly cleansing marketing databases, businesses have a golden opportunity to get rid of out-of-date and inaccurate data and to engage with customers who are genuinely interested in their brands and products. Consumers are increasingly aware of the value of their personal data to businesses and clear privacy policies will enhance customers’ confidence to share more of their personal data. Proper engagement under GDPR can often lead to an initial dramatic loss of data from a marketing database, however, a smaller but more engaged list of individuals who are truly inter- ested provides a strong customer base upon which to build brand loyalty.
Yes, there are time and cost implications to getting ready for the impact of the GDPR, but adopting a positive approach to GDPR compliance and to using personal data effectively will reduce risks and create an opportunity to improve customer engagement, trust, and satisfaction.
The pandemic has taught me how to share more – and I feel a better leader for it
As a young professional starting out in the tech sector 30 years ago, I thrived on the fast pace,constant change and demanding workload. I lived in London, Singapore and Australia…
We need to shout about our successes. Liz Fletcher on celebrating women in biotech
Throughout my career in biotechnology and life sciences, I have seen many women leading ground-breaking research studies in their fields of expertise. Yet, and I include myself in this, we…
Getting the best out of patient data is key to unlocking future health benefits in Scotland
It is important that clinicians’ voices are heard in the consultation around Scotland’s new health and care data strategy, which closes this week (12 August). Busy GPs like myself are the trusted…
How motherhood helped me be a better leader
Consider this an open letter to anyone I have worked with before I became a mother and before I fully understood how being a parent is actually a prized asset…
‘We cannot achieve our goals without entrepreneurs’ – Kate Forbes on vision for new ‘tech scaler’ network
From the very start of my ministerial career, I have had responsibility for the Scottish tech sector – and I can still say what I have said from the start,…
Finding a role in cyber was ‘tough’ for Cheryl Torano. Now she’s determined to help other women join an under-represented industry
When I decided to upskill to change careers at the age of 30 and dive into the digital world, I knew I would be starting out at the bottom of…
Why innovation and marketing are the perfect partners to make changes that matter￼
With the rapid evolution of traditional marketing and the appearance of digital marketing, technology and innovation has become part of any marketer’s life without the need of working for a…
Transitioning to a four-day week – CEO’s vow to strike a healthier balance in the workplace
I came to Scotland nearly 20 years ago from Ireland, with no contacts but a lot of determination. While Ireland will always be my home, Scotland has given me amazing…