Story image

How every business can benefit from GDPR compliance

18 Jul 2018

GDPR regulations are transforming the way businesses operate both online and offline around the world. While most organisations can find the road to compliance expensive and complex, the long-term opportunities are plentiful when the process is managed in the right way. This involves rolling up sleeves, diving deep into data protection and changing the way that teams and individuals think about personal data.

At its very heart, GDPR is all about protecting customer and employee data. It requires organisations to adopt stricter protection policies, to document how they store, use and share personal data and review data governance principles regularly to ensure compliance. In essence, companies will not only need to manage huge volumes of data but also enable a cultural shift in order to ensure the door remains locked to breaches and a solid reputation remains intact.

Opportunities to build consumer engagement while saving costs

There are many misconceptions when it comes to GDPR. New data privacy culture has become one of the most intricate debates happening around the world as it weighs notions of ethical and professional practice. How an organisation deals with GDPR compliance will depend on how it is utilising data, the industry it is operating in, and how and where that data is stored.

For GDPR compliant companies, the opportunities and competitive advantages are clear. Not only will they avoid the hefty penalties inflicted for non-compliance, but they will be well on their way to building authentic, transparent relationships with customers and a more people-centric business.

In a survey with 1,000 UK consumers, 62 percent said their confidence about sharing data with businesses has been improved by the incoming laws. In the same report 80 percent of consumers would be very or moderately comfortable with sharing data about their interests for marketing purposes.

While consumers are clearly aware of the drastic changes that are happening within companies, they’re also recognising the shifts in regulations are in fact to enforce cybersecurity and privacy. On the other hand, for a business, by implementing the right compliance design principles and collecting only relevant data, they can streamline and eliminate data storage and collection processes, prevent data breaches and cyber-attacks, and reduce costs significantly.

A simple process change just won't cut it

GDPR legislation demands an organisational shift across all departments, from legal to sales and marketing to IT. And the fact is that simple process change won't quite cut it. Even with digital platforms such as Facebook, followed by many other businesses, moving quickly towards an educational approach with their customers on revised data collection and privacy policies. It is still surprising to learn how complacent the majority of individuals and businesses remain when it comes to data security.

The good news is that there is an evident rise in employees understanding their role in protecting data and who are aware that privacy issues are a very real risk now that GDPR is firmly in place. Despite the challenges ahead, it appears IT professionals generally support the regulations, with 65 percent of UK respondents of a Spiceworks survey saying they are in favour of the GDPR.

For any business, building a GDPR framework will be an ongoing process that begins with induction and education. This should be reinforced routinely and whenever any data protection issues occur. From creating personalised staff awareness workshops to investing in business automation and data protection solutions, there are many ways a company can raise awareness and create a robust framework for the compliance.

As the saying goes, Rome wasn’t built in a day, therefore, GDPR cannot be a process that is shaped overnight. It requires a long-term commitment to cultural change, continue to educate and be vigilant; the entire organisation has to be on-board with responsible and compliant collection and treatment of data. 

Though, it’s important to remember that with change comes opportunity. The businesses of the future will approach GDPR mandate as a chance to reimagine compliance and prove their business can succeed. Those with foresight will grab the best opportunities.

 Article by Unit 4 A/NZ country manager and sales director Chris Tithof.

Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.