3 Ways Being Compliant with GDPR Could be Good for Your Business
After three years of tough negotiations, a general approach to the Global Data Protection Regulation was agreed by the European Council this summer. Now it looks set to come into force in spring 2016 once the regulation has gone through further negotiations in the European Parliament.
When the regulation finally arrives, organisations will be hard pressed to say they were unaware of the new data protection rules. However, it’s the impact of the regulation that is still significantly underestimated.
We’re starting to see the recruitment of compliance and privacy officers, but there is still much to do around data compliance in the supply chain and how client data is handled and stored. Here I outline how the GDPR can be used to positive effect, offering a series of ideas to ensure that businesses and citizens are informed about how their personal, employee and company data is used.
Turning GDPR to your advantage
Privacy is increasingly getting society’s attention. It’s a topic that is closer to home than ever before: how is our data used, by whom, for what purpose and for how long?
We are hit with so many marketing messages each day, yet organisations rarely talk about how they’re proactively protecting our privacy. This could be an original channel to talk to society. By taking a more transparent approach about how consumers’ privacy is respected, businesses could in turn build trust, creating a deeper relationship with their customers and increasing their uptake of multiple services: for instance, people taking not just telephony but broadband services too.
Proving you are compliant
Research has shown that society is not afraid of sharing its data with organisations as long as it has confidence and trust that security and privacy are ensured. Therefore, it is increasingly important to be able to prove both.
Businesses can assign auditors to provide assurance of compliance with GDPR, demonstrating to their customers and suppliers that they care about privacy.
Dropbox is a good example of taking a lead on this – it talks about privacy in plain English to consumers and businesses and demonstrates that the data it stores is secure and treated as confidential. It has a number of ISO certificates independently checked by a reputable auditor. It also publishes its transparency report and its Government Data Request Principles. More organisations could take a proactive approach – asking an auditor to issue a report proving their compliance ahead of GDPR coming into force and publishing this prominently on the company website.
Look out for my next blog post, which looks at how businesses can prove they are compliant with GDPR by taking an integrated approach focusing on both technology and process.