SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
How every business can benefit from GDPR compliance
Wed, 18th Jul 2018

GDPR regulations are transforming the way businesses operate both online and offline around the world. While most organisations can find the road to compliance expensive and complex, the long-term opportunities are plentiful when the process is managed in the right way. This involves rolling up sleeves, diving deep into data protection and changing the way that teams and individuals think about personal data.

At its very heart, GDPR is all about protecting customer and employee data. It requires organisations to adopt stricter protection policies, to document how they store, use and share personal data and review data governance principles regularly to ensure compliance. In essence, companies will not only need to manage huge volumes of data but also enable a cultural shift in order to ensure the door remains locked to breaches and a solid reputation remains intact.

Opportunities to build consumer engagement while saving costs

There are many misconceptions when it comes to GDPR. The new data privacy culture has become one of the most intricate debates happening around the world as it weighs notions of ethical and professional practice. How an organisation deals with GDPR compliance will depend on how it is utilising data, the industry it is operating in, and how and where that data is stored.

For GDPR-compliant companies, the opportunities and competitive advantages are clear. Not only will they avoid the hefty penalties inflicted for non-compliance, but they will be well on their way to building authentic, transparent relationships with customers and a more people-centric business.

In a survey of 1,000 UK consumers, 62 percent said their confidence about sharing data with businesses has been improved by the incoming laws. In the same report, 80 percent of consumers said they would be very or moderately comfortable with sharing data about their interests for marketing purposes.

While consumers are clearly aware of the drastic changes that are happening within companies, they are also recognising that the shifts in regulations are in fact intended to enforce cybersecurity and privacy. Businesses, for their part, can streamline and eliminate data storage and collection processes, prevent data breaches and cyber-attacks, and reduce costs significantly by implementing the right compliance design principles and collecting only relevant data.

A simple process change just won't cut it

GDPR legislation demands an organisational shift across all departments, from legal to sales and marketing to IT. And the fact is that a simple process change won't quite cut it. Even with digital platforms such as Facebook, followed by many other businesses, moving quickly towards an educational approach with their customers on revised data collection and privacy policies, it is still surprising to learn how complacent the majority of individuals and businesses remain when it comes to data security.

The good news is that there is an evident rise in employees who understand their role in protecting data and who are aware that privacy issues are a very real risk now that GDPR is firmly in place. Despite the challenges ahead, it appears IT professionals generally support the regulations, with 65 percent of UK respondents to a Spiceworks survey saying they are in favour of the GDPR.

For any business, building a GDPR framework will be an ongoing process that begins with induction and education. This should be reinforced routinely and whenever any data protection issues occur. From creating personalised staff awareness workshops to investing in business automation and data protection solutions, there are many ways a company can raise awareness and create a robust framework for compliance.

As the saying goes, Rome wasn't built in a day; likewise, GDPR cannot be a process that is shaped overnight. It requires a long-term commitment to cultural change, continued education and vigilance; the entire organisation has to be on board with responsible and compliant collection and treatment of data.

It's important to remember, though, that with change comes opportunity. The businesses of the future will approach the GDPR mandate as a chance to reimagine compliance and prove their business can succeed. Those with foresight will grab the best opportunities.