First published July 2017
For many business owners, the imminent arrival of the EU’s General Data Protection Regulation (GDPR) is something that is keeping them up at night. But the initiatives involved in getting GDPR-ready are also set to bring real benefits to businesses, not least better cybersecurity.
With less than a year to go before GDPR comes into effect, the growing sense of urgency is understandable. Statistics suggest that most businesses are still not prepared for the changes that will come, with 83% of enterprises in Ireland unable to name any GDPR changes that will affect their business, and 70% unaware that the legislation comes into effect on May 25, 2018.
Another report reveals that just 54% of businesses in the UK understand the fine they might incur for failure to comply – about 4% of their turnover – while the same percentage of small businesses say they will be forced to close if they are fined. What is more, just 8% of UK businesses consider themselves GDPR compliant now, and just 14% of Irish businesses are only now beginning the process of getting GDPR-ready.
There is no doubt that getting the house in order will require considerable investment, with companies having to employ Data Protection Officers, just as health and safety officers are required to ensure adherence to Workplace Health & Safety regulations.
But the benefits to being GDPR compliant make that investment worthwhile. We have put together a shortlist of just 5 of them.
5 Benefits of Getting GDPR-Ready
Major data breaches have made global headlines, but the problem of data protection is a lot bigger when smaller companies are considered. In the Cyber Security Breaches Survey 2017, an annual report published by the UK’s Department of Culture, Media and Sport, about 70% of large UK firms were found to have suffered a cyber attack. With the threat of attack so high, being certified as GDPR compliant is going to be a major plus in marketing terms, boosting your business’s reputation as secure in the eyes of potential customers.
With a reputation for being ‘cyber safe’ being such a major boon for businesses of all sizes, it’s clear that better cybersecurity will greatly improve loyalty amongst existing customers. The consequence of the alternative was highlighted by a FireEye report published in the US in 2016: 76% of consumers who responded admitted they were likely to take their business elsewhere if a company was guilty of negligent data handling, and 75% said they would stop buying from a company that suffered a data breach following a boardroom failure to prioritize cybersecurity. A further 59% confirmed they would take legal action if their personal details were stolen and then used for criminal purposes.
Getting GDPR-ready will improve the accuracy levels of data stored in a company’s database because it will allow customers not just to access their personal data, but to inspect and validate the stored information. This right already exists, but since the new regulations will require data controllers to rectify any identified errors they are told about, it means the accuracy of data stored will be greatly improved.
Since the GDPR has introduced Data Controller accountability, the role has become even more serious. While not specifically mentioned, formal awareness training is set to become standard to ensure the Data Protection Officer (DPO) is properly qualified for the job. In fact, Article 37 requires that DPOs have “expert knowledge of data protection law and practices”. As a result, this data protection training is set to ensure better cybersecurity, and a dramatic reduction in data breaches.
While consent is a key factor in the GDPR, and the legislation is focused primarily within the EU, it also takes into account the need to protect individuals whose data is transferred to a third-party country or organization outside the EU. Such transfers can only be made where the third party provides legal and contractual agreements to protect the rights of the ‘natural person’ (individual). Transfers are permitted without this condition in certain circumstances, but doing so in response to a legal request or requirement from a third country is not one of them. The result is, again, a much higher level of consumer and client trust.