With just over three months left to prepare for the new General Data Protection Regulation coming into force on 25 May 2018, many businesses view GDPR as a four letter word.
Driven by the ‘stick’ of significant fines and reputational risk, many businesses have adopted a GDPR plan to address compliance in time for the new regulation – but what many businesses overlook is the ‘carrot’ of the GDPR and some of the opportunities it offers.
REDUCED DATA STORAGE COSTS
Carrying out a data mapping and data flow analysis allows companies to improve their understanding of their data. During an exercise of this nature many businesses find that personal data is replicated in several repositories across the organisation. Applying the data minimisation requirements of the GDPR encourages businesses to consolidate information into a single source and this can significantly reduce data storage costs.
CYBER SECURITY AND OUTSOURCING
Compliance with the GDPR’s requirements to put in place appropriate “technological” and “organisational” measures to ensure data security is an opportunity to address the ever- increasing threat of data security breaches. TalkTalk is an example of a company whose business has been significantly impacted by two different types of security breaches – one technological (a cyber-attack) and the other organisational (individuals at its IT services company in India unlawfully accessed the details of customers). As well as incurring an initial fine of £400,000 in 2016 and a further £100,000 fine in 2017, the impact of data security breaches on TalkTalk’s reputation has been devastating.
GDPR compliance projects provide an ideal opportunity for businesses to review their cyber security measures (the technological measures referred to in the GDPR) and put in place pro- cesses and procedures (organisational measures under GDPR) to reduce the likelihood of breaches due to human error – according to market research more than half of data breaches arise from employees’ careless behaviour.
Outsourced processing is another area of risk and the GDPR mandates the use of contracts with outsourced data processors and stipulates a number of requirements that must be placed on processors via contracts. As data controllers, businesses will therefore be in a position to place clear obligations (including rights to audit) on processors.
EFFECTIVE MARKETING
One of the outcomes of a GDPR data audit is a clear picture of personal data, particularly as it relates to customers and prospects. By properly cleansing marketing databases, businesses have a golden opportunity to get rid of out-of-date and inaccurate data and to engage with customers who are genuinely interested in their brands and products. Consumers are increasingly aware of the value of their personal data to businesses and clear privacy policies will enhance customers’ confidence to share more of their personal data. Proper engagement under GDPR can often lead to an initial dramatic loss of data from a marketing database, however, a smaller but more engaged list of individuals who are truly inter- ested provides a strong customer base upon which to build brand loyalty.
Yes, there are time and cost implications to getting ready for the impact of the GDPR, but adopting a positive approach to GDPR compliance and to using personal data effectively will reduce risks and create an opportunity to improve customer engagement, trust, and satisfaction.
Joanna Boag-Thomson is a Partner at Shepherd and Wedderburn LLP.
Related posts
Interviews
Comment
Please mind the gap… or healthcare may fall
Imagine sharing a lengthy train journey with others. From beginning to end, imagine how often you might hear ‘mind the gap’ messages about embarking and disembarking safely. Picture how navigating…
Women Lead: My journey from Dragons’ Den to Silicon Valley
Following her appearance on Dragons’ Den, Sheila Hogan, serial entrepreneur, founder and chief executive of digital legacy vault, Biscuit Tin, shares her experience of her time in the Den and…
Look anywhere – the future is ‘aged tech’. But Scotland needs to be more adventurous
Scottish Care, as the representative body of independent social care providers of care home, care at home and housing support services, has been working over several years with colleagues in…
Women Lead: Engineer turned entrepreneur
We are always fascinated by other people’s stories. It’s how we connect, grow and learn from each other. Until very recently I always felt like I didn’t have a story to tell. Who…
‘Women – together we will change the dynamic in tech’
I was inspired to start a career in technology when personal computers were in their infancy and the internet decades away. My childhood dream of becoming a scientist was shaped by…
It’s time to change the future of tech apprenticeships – and we need your help
In his latest exclusive column for Futurescot, Ross Tuffee, chair of the Skills Development Scotland (SDS) Digital Economy Skills Group, calls on tech employers to get involved in shaping the…
What AI difference a year makes
Amazingly, it’s been one year since the publication of Scotland’s AI Strategy. And what a year it has been. Demanding but rewarding, with good progress made and great foundations laid…
International Women’s Day: It’s time to harness power of women in technology
As we celebrate International Women’s Day, I hope to be part of a future where barriers that prevent women from competing on a level playing field in the work environment…