Can We Turn the GDPR Into a Business Opportunity?
This four-part blog series is based on our webinar, It’s Official: The GDPR Is In Effect…Now What? If you missed the live recording, be sure to catch the full discussion — a replay link is available when you register. Because it was such a fascinating and collaborative dialogue, we wanted Keith Read to share further commentary.
Part 1: The GDPR is in Effect… Now What?
Part 2: Lessons Learned From the GDPR
Part 4: What’s Next for Data Privacy & the GDPR?
During this GDPR series, we’ve talked about a range of topics related to the compliance and enforcement of this important piece of data privacy legislation. If you’ve followed along with me, Adrienne Williams (Lead Attorney at Microsoft) and Bill Brierly (Head of Ethics & Compliance at Liberty Latin America), you’ve learned how your organization can learn, collaborate, and innovate its way to GDPR excellence.
Today, I’m going to revisit the final part of our conversation: how to turn meeting the requirements of data privacy legislation, like the GDPR, into a business opportunity. I’ll also share some practical solutions your organization can use to become more compliant.
How is the GDPR a business opportunity?
Now, more than ever, data privacy matters.
In a number of industries, I’m noticing that the GDPR, and data privacy in general, is being treated as a business opportunity, and to great success. The automotive industry is an excellent example of this, because they understand that data usage is going to increase exponentially with the increase of autonomous vehicles and enhanced technology capabilities.
In Japan, some vehicles have access to a database of more than 900 police stations, fire stations, and hospitals. In the event of an accident, the car knows who to call. All of this data means that the collection and security of personal data is paramount, and some manufacturers have really started to look into the future to decide what their data strategy should be. I’m confident that they’re also looking to legislation like the GDPR to guide their way.
The life sciences industry is another sector that collects a lot of sensitive data, and they’re only going to grow. Just think about how the popularity of at-home DNA testing kits has risen in recent years. These companies hold a massive amount of personal information, and they need to map their data processes to ensure they remain compliant. A data breach or security incident would be a nightmare for a company with so much personal data; consumer and investor confidence would surely erode. I’ve been very impressed by how well the life sciences industry is looking forward — they understand that management is absolutely crucial.
The GDPR sets the tone for data legislation worldwide
Bill agrees that there’s a world of opportunity within the GDPR. He explains that the way companies respond now is setting the tone on data privacy and the need for security around consumer and employee information… in the exact same way the FCPA set the worldwide tone on anti-corruption measures.
In Latin America and the Caribbean in particular, he sees countries looking to the GDPR as an example of where to start their own data privacy programs.
Adrienne shares similar sentiments about the GDPR presenting an opportunity. As she explains, Microsoft realizes that keeping up with the evolving regulatory landscape is one way to retain the trust of customers, employees, partners, and shareholders.
The ROI of GDPR compliance
Data privacy protections are something all companies should implement, and Bill explains why — there’s an ROI in terms of consumer and investor respect for investments in data privacy. Studies show that companies who focus on a culture of ethics, compliance, sustainability, and responsibility perform better in the marketplace. Data privacy squarely falls into the ethics, compliance, and responsibility category.
When the EU wrote the GDPR, it was under the belief that data protection is a fundamental individual right. We’ve all heard too many examples of sensitive data being compromised to the detriment of consumers and employees.
Bill made another point about business ROI in the webinar that I think is extremely insightful: If companies invest in data privacy protections at the same level they did for anti-corruption measures, similar business benefits are likely.
Practical solutions for GDPR compliance
When you read through the GDPR, you’ll notice there’s a requirement that, in the event of a data breach, an organization must make a report within 72 hours. That’s not a terribly long period of time to investigate the source or cause of an incident, especially given the way many organizations map and handle disparate data silos. Oftentimes, simply locating and gaining access to the relevant data is a lengthy, convoluted process.
However, not reporting the incident can lead to hefty fines, public outcry, and the erosion of consumer and investor confidence. Businesses need easy-to-use technology solutions that make meeting the GDPR’s requirements as efficient as possible.
At Convercent, we wanted to create a practical solution that would streamline the reporting process. To that effect, capabilities were implemented in the Disclosures Manager to make reporting events like losing a laptop or downloading a virus quick and easy. This data can be easily accessed and analyzed as well, and it can even be compared with other data sets to help you understand the wider compliance and ethics issues at play.
Microsoft has also built compliance solutions into its products. When you use Microsoft 365 and other cloud products, you can control and manage data to meet compliance requirements. They even have tools that can help you implement a comprehensive, advanced data governance strategy as your data grows.
If you want to reap the benefits of compliance, you need the right tools
It’s clear that meeting the regulatory requirements of personal data protection can be a business differentiator, especially in today’s data-rich environment. It’s also clear that you can’t meet those requirements without measures such as:
- Regular reviews of your systems and processes, including thorough data audits.
- A focus on people, processes, and technology.
- A risk-based, company-wide awareness and training campaign to ensure everyone is on the same page.
- Collaboration with IT, HR, and other internal departments.
- A thorough vetting process of all four categories of third parties.
If it sounds like a lot, that’s because it is! But, remember what I shared in Part 3: Perfection shouldn’t be your goal, because it’s impossible to achieve.
Thank you for following along with our extensive GDPR series. On behalf of myself, Adrienne, and Bill, we hope you’ve learned some valuable lessons that can be applied at your own organization. If you’d like to reach out to me, Adrienne Williams, or Bill Brierly with GDPR-related questions, don’t hesitate to get in touch on LinkedIn: