GDPR compliance has for some become a big headache and for others big business but both sides should see the upcoming Regulations as an enormous opportunity.

Operational Level

Companies are being forced by the Regulations to review, revise and rethink all its core processing functions. The two initial questions all CEOs/DPOs had to ask themselves were: What do we process? and; Why do we process it? The value-added role in this process was to ask the third question: how can we do it better? Most established businesses will over time have accrued additional processes; captured extra data and inadvertently over exposed themselves in the new world of data protection. This journey to compliance will force them to revise their core functions and find efficiencies in their data capture, data storage and date processing functions. This is an area where resources have not traditionally been allocated but the threat of monetary or reputational penalty has focussed companies on reviewing and refining these processes.

Strategic Level

Marketing & Sales

Companies are being forced by the Regulations to review, revise and rethink all its core processing functions. The two initial questions all CEOs/DPOs had to ask themselves were: What do we process? and; Why do we process it? The value-added role in this process was to ask the third question: how can we do it better? Most established businesses will over time have accrued additional processes; captured extra data and inadvertently over exposed themselves in the new world of data protection. This journey to compliance will force them to revise their core functions and find efficiencies in their data capture, data storage and date processing functions. This is an area where resources have not traditionally been allocated but the threat of monetary or reputational penalty has focussed companies on reviewing and refining these processes.

Service Level Operators

Differentiating your company in the market place as a Professional Services provider, a company operating on a SAAS model or as an Outsourced Service Provider or data processor is a difficult job however, as customers and contracting organisations begin to wake up to GDPR and their own responsibility therein early adopters of GDPR best practice will afford themselves an opportunity to gain an advantage over competing providers and vendors when it comes down to the tendering process. Be a market leader and a standard bearer in your sector. Present your relevant compliance with the Regulations and provide your customers and suppliers with the assurances they will require to continue with your services or chose you over your competitors.

Governance Level

No organisation wants to be ‘the one’. The time to start your compliance journey is now, it’s still not too late. Every organisation must allocate commensurate resources to ensure that their organisation can demonstrate compliance with the Regulations or a clear plan to achieve compliance in a reasonable time frame. No organisation will be compliant on 25 May 2018 but the Regulators will expect that all organisations will be able to demonstrate their own responsibility to the protection of their data and their data subjects rights. The decision now is how to add value in that process.