GDPR came into effect on May 25th. Granted, the world didn’t come to an end but there is certainly awareness around the EU people whose personal data GDPR protects and they are making their voices heard.
According to a report released by the IAPP, complaints have started pouring in across the different EU member states with as little as 2 in Sweden and 3 in Belgium and as many as 426 in France. Ireland to date has also had 547 data breach notifications!
It is obvious that the Data Protection Authorities in the different EU states have a limited number of resources and they will slowly get through all these complaints but I am sure they will for sure. I had a chance to meet someone that works for one of these authorities and she made really clear to me that they are serious about holding companies accountable.
Good intentions are not enough
Then, why are so many companies leaving the implementation of GDPR compliant processes only at the “good intention” level?
I have spoken with different organizations of different sizes and different industries. The ones that are truly committed to data protection go ahead and make the changes they need, not only on paper, but they work towards building a culture of privacy and data protection across the organization. They truly believe that their business will benefit from the increase in trust between them and their customers because they know that in today’s world, the appropriate use of data to build better products and services is the key to their success.
Then, on the other side of the spectrum, I’ve spoken to companies that see data protection as a barrier to innovation, an impediment instead of an opportunity. On the surface, they say they will do something but unless they are forced to do it, they won’t. Ask for forgiveness and not permission, someone told me.
I am not going to lie, this attitude disappoints me because it shows short-sightedness. Best business management practices advocate the long-term vision versus the short-term gain and yet, companies still look at the short-term in this situation.
Using GDPR principles to increase your revenues, profits and innovation
What if I told you that if you implement GDPR practices you would save money and increase your profits?
Having a clear data protection governance model and a clear data management strategy will allow you to streamline. How? The amount of data that organizations collect is staggering. And do they ever clean up what they have? Not likely. What is the consequence of this? They are data-rich but information and most importantly, knowledge-poor. The amounts of data they have at their disposal are so out of control that they just add noise to their business, not value. There is so much data that they cannot identify trends, or what it is their customers really want from them.
GDPR practices require you to take a step back, look at what you have and question whether you need it or not. The data minimization and the storage limitation principles are not there just to make your life difficult, but to help you become disciplined and just collect, use and store what truly brings benefits to your business.
And in the process, if you get rid of everything that you don’t need, your storage and management costs will considerably go down and your risks of experiencing a data breach that can be damaging to your organization will go down as well. How ironic it would be if data that you didn’t even know you had available is compromised and impacts both your customers and your organization!
Innovation as a consequence of good data management
On the innovation side, GDPR will not stifle it but again, if you can optimally use the data that you have, you will get insights that you wouldn’t otherwise and that’s where innovation comes into play. Get meaningful information, build it into organizational knowledge and bring to market innovative products and services. I see it as a win-win situation where your potential for increased revenues is clear.
Building a GDPR compliant data governance model should not be seen as an impediment but it should be seen as an opportunity to get your data in order, start utilizing it for the benefit of your customers and shareholders and building a reputation of discipline, innovation and good corporate citizenship. Good intentions are never enough, clear action must be the name of the game.