When we hear about all the implications of the General Data Protection Regulation (GDPR) for businesses operating in the EU or handling personal data of EU citizens, I’m pretty certain that most people feel a certain apprehension (maybe even a pinch in the stomach?). And I can totally understand why! Besides all the things I need to do, there are also fines for data breaches and non-compliance, and they can be huge.
But let’s try to step back and look at the bright side of GDPR – yes – such actually exists! Let me show you why, and you – like me – might come to appreciate or even fall in love with it.
The personal side
First, let’s talk about the personal side of GDPR: for EU citizens, GDPR means a lot. It means that companies need to be much more conscious and responsible when processing and handling personal data of EU citizens. They need to be more transparent about how they handle personal data, and this is – as an example – guaranteed by the “right to access” or “right to rectification”. And all the media focus on GDPR has revealed the “right to be forgotten” which is not entirely new but is another great right for EU citizens.
And yes, how does this affect my company? We’ll get back to that just below.
The company side
Now let’s go back to the company side. Here are my 3 reasons for falling in love with the GDPR:
- Most companies handle a lot of data (and have done for years), but now you actually need to know what’s there and where it is. This should lead to a giant clean-up in most companies which is beneficial, because you revisit the data and get it structured. And maybe you find something you can use?
- With the recent cases, including Cambridge Analytics and Facebook, customers are looking at privacy in a different way. Use it as a business enabler by earning your customer’s trust. It’s all about brand.
- Committing to GDPR compliance helps to streamline and simplify companies’ data processes and use of systems. Human autonomy has led to a significant increase in processes, use of systems and duplications (maybe even triplications).
The big clean-up
Most companies deal with a considerable amount of data (customers, employees, production, marketing, R&D etc.), and all this data is stored somewhere. In your efforts towards becoming GDPR compliant, all the data you have – including that from before 25th of May – needs to be handled and located.
One of the most troublesome processes to become GDPR compliant is to be able to identify the personal data in that (let’s be honest) mess. Your company probably uses different locations for archiving documents, software for managing processes, and what about those emails? And the documents attached to those emails? Your compliance requires you to be in control of those data. And manual search, for instance, can take a considerable amount of time – Time neither your business nor the GDPR allows you to take. For solving this issue, there are tools in the market that can help you to identify personal data faster in your systems.
One of the consequences of this deep investigation is to find out redundancy and what needs to be deleted. You will probably need to get rid of a bunch of stuff that doesn’t make sense to keep. But what about the data you are allowed to keep because you have a legitimate interest or another obligation?
A clean up is beneficial, because you revisit the data. And you get it structured. Old sales leads? The contract you forgot to follow up on? The subscription you’re still paying for but not using? And so on.
Get it structured and use it! You probably spent a decent amount of time – and thereby money – getting it. And maybe you’ll even save money in the end; by working on becoming GDPR compliant – which is an ongoing process – it helps to identify superfluous systems and – suppliers. These initiatives can facilitate cost saving activities.
If you do not know how to find personal data in your systems, we offer a free session with a GDPR expert.
Build a trustworthy brand
The privacy of individuals is reinforced with GDPR and it should be respected. Depending on its use or a data breach, it could potentially cause harm to the individual who had their data misused or disclosed. Even if you disregard this, the consequences of a bad data reputation are severe.
The cases of Cambridge Analytics and Facebook shows exactly why GDPR is a piece of valuable regulation for protecting the privacy of individuals. 87 million of Facebook users had their data exposed by Facebook to Cambridge Analytics. The consequences for Cambridge Analytics have been severe (they filed for bankruptcy). For Facebook it is still unclear – but are you as a big a player as Facebook? Can you withstand the shitstorm that follows?
Committing to GDPR shows a considerable respect for your customers’ and employees privacy. It brings an opportunity to build more trust in your brand. You could highlight in your marketing activities, customer materials and other relevant places. Show how transparent and ethical your standards are, and that you have procedures in place.
Simplify your business
When you start the journey of becoming GDPR compliant, you revisit a bunch of processes and software that your employees have been using. Disregarding GDPR entirely, one can easily get to the conclusion that having fewer systems is often the better – and more efficient – alternative. After our own internal review, we identified 5 project management software being used(!). The simpler, the better.
And with fewer systems across the organization, it is easier to ensure GDPR compliance. In that way, the work to become GDPR compliant can help you to streamline your company’s process and reduce the amount of different software solutions solving the same problem.
Working with fewer systems is another advantage when introducing new people to the organization. They can get started with the IT tools fast, learn how to follow GDPR procedures within the systems faster.
GDPR should not be a burden to the everyday work of employees. And the way I see it – it helped us lifting a burden for especially new employees by having a simpler setup.
While companies are taking more attention to the GDPR due to the possibility of a huge fine, I like to see it in a context that can leverage opportunities for our business.
In the end, committing to GDPR can be a win-win situation, both for companies and individuals. Individuals will have their rights protected and assured, and companies will enable a more data-driven approach and undertaking that long-overdue clean-up while building a great brand. Unless you like chaos and want a brand that has a reputation of not protecting its customers’ and employees’ data… But then you probably wouldn’t have found your way to this post anyway.