More regulation and more cost: do you regard that as a bore or an opportunity for profit? Let us examine the positives, starting with the value of reviewing your policies on the collection, storage, use and permissioning of the information you hold. Probably this is not something you would set out to do without some form of incentive, but given that complying with the GDPR implies that you have to do so, where is the payback?
Firstly, there is the challenge that it represents to your assumptions. Most consultancies thrive by recommending some sort of change that turns everything upside down, thus driving out waste and excess – leaving a leaner, cleaner and less expensive operation. Collecting less data, storing it for only as long as it is essential and being conscious of the purpose you require it for has to result in a better managed and focused business.
Secondly, you are likely to be driven to deploy enhanced levels of security and control over the data, which will improve your protection against criminal exploitation of your organisation.
Which leads us to the third point: you then have something to brag about to your clients, customers, staff or other ‘natural persons’ whose data you store. In any event, it is likely that you will have to seek the sort of clear affirmative consent required by the General Data Protection Regulation, so why not combine that with beating the drum about how good you are, and how concerned you are to ensure client privacy? It will serve to enhance your reputation in their eyes, and single you out as a trusted entity.
That “active compliance” can be used as a marketing plus, not least across the common ecosystem that the GDPR creates within the European Community, which begs the Brexit question. It is the view of The DPO Centre that the regulatory basis that has been established is in the best interests of everybody, and represents best practice to the world. We believe it will be adopted internationally in the same manner that International Standards Organisation (ISO) specifications become the norm everywhere, and far from seeking to withdraw from it, the trust and common standards benefits will dictate that the GDPR is actively promoted.
It might also be viewed as pre-empting a ‘minus’, especially when dealing with Governmental or similar agencies who are unlikely to be authorised to engage with non-compliant entities. The same applies if you provide Data Processor services to your Data Controller clients. If you have business there, you will not want to lose it.
We would suggest that there are training and motivational benefits to the necessarily increased engagement both of and with your staff, who must now lead decisions on the data they require, and manage its ongoing security. This delegation of responsibility will mitigate mistakes and poor decisions and also ease decision-making at the summit of any organisation.