GDPR compliance has for some become a big headache and for others big business but both sides should see the upcoming Regulations as an enormous opportunity.
Companies are being forced by the Regulations to review, revise and rethink all its core processing functions. The two initial questions all CEOs/DPOs had to ask themselves were: What do we process? and; Why do we process it? The value-added role in this process was to ask the third question: how can we do it better? Most established businesses will over time have accrued additional processes; captured extra data and inadvertently over exposed themselves in the new world of data protection. This journey to compliance will force them to revise their core functions and find efficiencies in their data capture, data storage and date processing functions. This is an area where resources have not traditionally been allocated but the threat of monetary or reputational penalty has focussed companies on reviewing and refining these processes.
– Marketing & Sales
Whether you have been marketing to your customers or intend to market to your customers you must be able to stand over your consent collection and consent recording processes. The regulations are very clear on the requirement for consent to be collected in a clear and transparent way and that the consent has been documented. This is cause for a lot of organisations to worry about data bases they have generated internally over a number of years without consent; marketing lists, email data bases and potential sales lists. Whilst this, for many businesses, is being viewed as a negative outcome of GDPR for many others it is an opportunity to purge your databases of disinterested and disengaged customers and non-customers. A focused campaign of consent collection will allow a sales team/ sales manager to identify a more focussed, narrowed list of truly engaged customers and potential customers. This process should have the potential to reshape the marketing campaigns around a focussed group of purchasers/ service users who want your product and service and want to engage with your company. We have clients that have been ‘selling’ for over 40 years trying sales strategies that they have never previously considered and to great benefit.
– Service Level Operators
Differentiating your company in the market place as a Professional Services provider, a company operating on a SAAS model or as an Outsourced Service Provider or data processor is a difficult job however, as customers and contracting organisations begin to wake up to GDPR and their own responsibility therein early adopters of GDPR best practice will afford themselves an opportunity to gain an advantage over competing providers and vendors when it comes down to the tendering process. Be a market leader and a standard bearer in your sector. Present your relevant compliance with the Regulations and provide your customers and suppliers with the assurances they will require to continue with your services or chose you over your competitors.
– Governance Level
No organisation wants to be ‘the one’. The time to start your compliance journey is now, it’s still not too late. Every organisation must allocate commensurate resources to ensure that their organisation can demonstrate compliance with the Regulations or a clear plan to achieve compliance in a reasonable time frame. No organisation will be compliant on 25 May 2018 but the Regulators will expect that all organisations will be able to demonstrate their own responsibility to the protection of their data and their data subjects rights. The decision now is how to add value in that process.