3 Ways Being Compliant with GDPR Could be Good for Your Business


Posted on: October 22, 2015 by Abbas Shahim

After three years of tough negotiations, a general approach to the General Data Protection Regulation was agreed by the European Council this summer. Now it looks set to come into force in spring 2016, once the regulation has gone through further negotiations in the European Parliament.

When the regulation finally arrives, organisations will be hard pressed to say they were unaware of the new data protection rules. However, the impact of the regulation is still significantly underestimated.

We’re starting to see the recruitment of compliance and privacy officers, but there is still much to do around data compliance in the supply chain and around how client data is handled and stored. Here I outline how the GDPR can be used to positive effect, offering a series of ideas to ensure that businesses and citizens are informed about how their personal, employee and company data is used.

Turning GDPR to your advantage

Privacy is increasingly getting the attention of our society. It’s a topic that is closer to home than ever before: how is our data used, by whom, for what purpose, and for how long?

We are hit with so many marketing messages each day, yet organisations rarely talk about how they’re proactively protecting our privacy. This could be a fresh channel for talking to society. By being more transparent about how consumers’ privacy is respected, businesses could in turn build trust, creating a deeper relationship with their customers and increasing the uptake of multiple services by them. For instance, people might take not just telephony but broadband services too.

Proving you are compliant

Research has shown that society is not afraid of sharing its data with organisations as long as people have confidence and trust that security and privacy are ensured. Therefore, it is increasingly important to prove these essential aspects.

Businesses can engage auditors to provide assurance of compliance with GDPR, demonstrating to their customers and suppliers that they care about privacy.

Dropbox is a good example of taking a lead on this: it talks about privacy in plain English to consumers and businesses and demonstrates that the data it stores is secure and treated as confidential. It holds a number of ISO certificates independently checked by a reputable auditor. It also publishes its transparency report and its Government Data Request Principles. More organisations could take a proactive approach, asking an auditor to issue a report attesting to their compliance ahead of GDPR coming into force and publishing it prominently on the company website.

Educating employees

Organisations need a privacy policy which is written in plain English and known inside out by their staff. Organisations with a societal function, such as telecoms providers, government bodies or hospitals, have an obligation to be even more vigilant about privacy, ensuring they talk about it in a manner all citizens can understand. This will generate the heightened level of trust which society has been calling for.

Look out for my next blog post, which will look at how businesses can prove they are compliant with GDPR by taking an integrated approach that focuses on both technology and process.

About Abbas Shahim

Business & Management Consultant
Abbas Shahim is partner at Atos Consulting where he heads the international GRC practice. He is also full professor of IT Auditing and GRC at the VU University Amsterdam.