Recent scaremongering surrounding GDPR has left some businesses in operational paralysis, while others are taking a tick-box approach and rushing into IT decisions. And as we all know, both inaction and over-reaction tend to cause even more panic.
The GDPR has been a long time coming. It’s the biggest change to data privacy rules in 20 years and it may even set the global standard for data processing. The businesses that will come out on top are the ones that take a long-term, sustainable approach.
Assessing the situation: why you shouldn't fear GDPR
You may need to re-think technology, security and data handling processes in preparation for the GDPR. But if you're compliant with the current Data Protection Act, and undergoing digital transformation, you're closer to compliance than you think.
Rather than acting out of fear, you should see the GDPR compliance journey as a golden opportunity. By aligning IT, security and privacy with high-level goals, businesses can improve operations overall – sometimes quite dramatically. Here's how:
1. Squeeze value out of the inevitable data audit
A data audit is fairly inevitable for most businesses in preparation for GDPR. This is to understand what personal data they house, where it is, who has access to it, if it’s correct, if it's necessary, and if there are duplicates.
But a data audit is one of the best things you can do for your business.
Fast-growing companies tend to have fast-growing unstructured data (think PowerPoints, emails, social media). This is hard to pin down and is often a key cause of poor visibility, control and protection.
Not only will a full audit decrease security risks and fill in your blind spots, you'll also unlock a goldmine of new insights you can leverage later.
2. Get in the cloud for easier compliance
Digital transformation is now a key priority for businesses, with more than 56 percent already using cloud applications. But embracing the cloud has the potential to make compliance easier too. Here's how:
- Digital identities and access requests. With GDPR, all individuals can request access to their data. It should be complete, in an accessible file format and handed over in one month, free of charge. They can also take this from you and move it somewhere else, or ask you to delete it. In the cloud, all information can be created, tagged and automatically logged under one digital identity, making it easy to store, locate, retrieve or delete data and send it to the individual.
- Security and privacy. Data should be fully secured at all times – whether it's static, in transit or in a different EU location. Fortunately, cloud computing is built for data mobility. Information can be secured at the point of creation, and this can follow it wherever it goes, on any device.
- Access and permissions. Data should only be accessed by authorised people; access needs to be necessary for their job and granted for the minimum amount of time possible. In the cloud, many apps allow permissions to be set through a tiered, role-based system. Admins can also grant or revoke access and make it time-sensitive.
3. Spot the other silver linings
If you're using cloud technology, spotting the other silver linings can help mitigate the demands of compliance. The cloud has lots of positives for businesses, including smoother internal processes, increased productivity and a boost in ROI. Here's how:
- Storing and filing data becomes easier and more efficient
- It creates a 'unified communications' platform for sharing information
- Automatic data trails all in one place = a single source of truth
- You can search and filter data easily to pull off the reports you need
4. Improve security for your own sake
At its heart, GDPR is about stringent security to ensure privacy. Alongside protecting people's data comprehensively, you'll also need to report a data breach within 72 hours.
With many crippling cyber-attacks hitting businesses this year, GDPR is the perfect excuse to improve IT security. When done right, the cloud is more secure than on-premise solutions, and data can be analysed to detect incidents, often through automation, and even before they happen.
5. Revolutionise your marketing and sales
With data unified and organised, there's potential to get a 360° view of prospects and customers, understand their needs, and tailor communications to get them through the sales funnel.
It might seem counter-intuitive to pair your marketing strategy with the GDPR, but two-thirds of customers say they'd share more data with businesses if they were open about usage.
Clear opt-in, consent and data usage policies under the GDPR don't mean profiling is dead – the dynamics have just changed. Ultimately, it'll mean you can match with more qualified leads and put an end to chasing cold ones.
6. Differentiate through better culture
At the crux of the GDPR is a transparent culture around data and 'privacy by design.' While technology will be a key part of compliance, you should start with people and processes, make training a priority and build outwards from there.
Although all businesses will need to achieve this eventually, few understand the importance of building genuine culture from the ground up. If you focus on this, you'll gain credibility and differentiate by earning people's trust (as well as saving yourself time, effort and money in the long run).
Action plan: getting off the ground with GDPR
The starting point for any business is to assess its current position on the compliance scale. To help, we've put together 10 questions you need to ask your IT provider about GDPR which you can download for free here.