Is GDPR a Boardroom Discussion?
We recently surveyed insurance companies in the London city area to understand what they thought about GDPR and how they are preparing their businesses for it. About 70% of respondents said they are still trying to understand what GDPR means for them and 25% said they are confident about what they need to do and are looking for services and solutions to address specific concerns.
In short, except for early movers who have in-house legal support to guide them on the matter most organisations are still trying to get their heads around what needs to be done. I think I am safe in extrapolating the above sentiment across other business sectors outside of insurance.
Why we should be taking action now?
Most businesses comply with the existing data protection directive and have processes and systems in place to ensure that their customer data is safe. So do we need to change? How is GDPR different and why is there an urgency to comply before May 2018?
The answer is simple – GDPR is a regulation rather than a directive which means fines could be issued the day it comes into effect. Given the timeline businesses need to act now as any processes or system change requires 6- 12months to be implemented.
The risk of non-compliance is very high - most serious violations will result in fines of up to €20 million or 4 per cent of turnover (whichever is greater). The new regulation raises the bar on standard practices for managing “personally identifiable information” and the fines have been raised as well.
Experts have estimated that fines levied by ICO last year could be 79 times higher under the new benchmarks.
GDPR or no GDPR security of data is high priority
The basic underlying principle of GDPR is “protection and security of personal data” and if your organisation already values the privacy and security of employee, supplier or customer information, GDPR will be a tick box exercise for you.
If you don’t have systems and processes in place to secure customer data, you should be making changes – GDPR or no GDPR. Managing your customer data well has benefits beyond avoiding regulatory fines.
- If your data is accurate, retrievable you can derive more value from the data by designing customised messages or products for your customers, you can predict behaviour and pro-act rather than react to a customer’s demands.
- Well managed data helps build trust with your customers and win their loyalty, they feel safe with you.
- In the boardroom, data accuracy & availability ensures decision making is easy and well informed.
There is no business today who can afford to ignore the importance of data and its security. For these reasons, I see GDPR as an opportunity to get boardroom approvals to invest in changes that will not only help achieve compliance but deliver business benefits in the long run.