by Brian Grant, Director, EMEA, Infoverity
There is a lot of scaremongering about GDPR going on these days. The tendency is to focus exclusively on the “sticker shock” of the possible fines levied for non-compliance and to treat it as just another government regulation to be complied with lest your company be ruined. This could lead to companies in EMEA acting out of fear to do the bare minimum to avoid penalties.
Are the fears justified? It is hard to tell at this point, as enforcement does not start until 25 May, 2018, so there is no precedent yet. At least one supervisory authority says that the fears of debilitating fines are overwrought and miss the point of GDPR, which is to increase transparency and accountability while ensuring people's rights over who can have and use their personal data.
Are the fines the only possible cost associated with non-compliance with GDPR? Absolutely not. In fact, perhaps the biggest cost of non-compliance with GDPR would come if it was discovered that a company was the victim of a data leak. The cost of reputational damage could be more significant than any fine and could take years to recover from. In addition, a leak can lead to significant material costs to remedy the issue and provide additional protections to consumers after the fact.
Wait, so you said there was too much focus on fear from GDPR? Absolutely! GDPR is a fantastic opportunity for companies to put in place a level of maturity in data governance, data management and IT security. If companies take the big-picture approach rather than focusing on just doing the bare minimum to comply with the letter of the law, they can find themselves in a much better position to leverage the value of their data for years to come. It could improve customer service, enable true business intelligence, and streamline existing business processes, among many other things.
So what should your company do now?
As GDPR provides companies with a once-in-a-generation opportunity to transform the way data is managed throughout the organization, efforts to implement data privacy mechanisms now can significantly reduce exposure.
There are software solutions that can automate processing and help organizations to cope with data at scale. At a recent partner conference in Frankfurt, Andrew Joss, Head of Industry Consulting at Informatica, did a fantastic job of boiling down the key questions that each company should ask itself to the following four:
- What data does your company hold, who has access to it and for what purposes?
- Do you know where all your in-scope data is?
- Do you know how you will manage consents and data rights across channels and business units?
- How will you protect your data and ensure it has the proper controls?
How can Infoverity help?
For many of our clients in EMEA, Infoverity’s GDPR Compliance Program is part of a larger data governance, data security and master data management initiative to improve how they do business and handle data. Infoverity’s GDPR Compliance Program is a modular solution that prepares organizations for GDPR implementation deadlines, providing a long-term plan that will sustain and improve a company’s data privacy control practices for the future.