The board and management must take a knee for the GDPR
Your big data analytics on Profiling can have a significant impact on businesses. Given the broad scope, both geographically and materially of the GDPR, and the definition it gives to 'profiling', most businesses must be concerned by these provisions due to the lack of 'profiling' experience.
The GDPR on personal data regulation was necessary. The old Data Protection Directive was 23 years old and did not keep up with the news requirements of social media, big data and IoT. Therefore there are advantages for everyone through the excellent data protection because customer confidence in proper data management is a severe breach and potentially violates trust and the organisation's earnings base.
Risk analysis, documentation and implementation costs – but above all, the fear the significant fines and expensive legal bills is often the primary motivator for compliance because non-compliance is costly and causes substantial reputational damage. At the EUGDPR Institute, we always focus on the apparent benefits to achieve through the excellent data protection and by adding the components of Governance and Risk management.
GDPR is in most organisations apparently a business-critical area that requires a structured implementation methodology but rarely something that is at the top of the agenda for board meetings, even though more reports, show that most organisations still do not meet the future data protection and GDPR requirements.
1. Confidence in digitisation is a catalyst for growth.
Digitisation has long been focused on reducing costs and streamlining resources.However, it must be evident that digitisation also dramatically creates value as a change tool for the organisation and all stakeholders.
Confidence is eliminated when cybercriminals have accessed data, sites are hacked, services downloaded, or our sensitive information sent in the wrong direction. Data protection is a fundamental condition for us to interact freely through digital services.
The trust must be maintained. GDPR is, therefore, a good starting point for collection and handling of personal data is made under controlled conditions and with full transparency in policies and procedures.
2. Giving power to the data subject.
Individually, we also achieve better privacy and control of our data with GDPR. Just as well as being entitled to control over your own home, it is a right to allow the individual to decide on his / her personal data. Today, the situation is often that much of the control of our digital data is out of our hands. It is untenable and potentially offensive to the individual.
The goal of GDPR is precise to ensure transparency in and control of processing our personal data - whether in public or private sector. Data must always be treated correctly and confidentially. GDPR thus contains good principles for data hygiene, which everyone can benefit from.
3. Without trust, there can be no business. Ethical principles for data protection can provide a clear competitive advantage. For example, in trade between EU countries Denmark and the US for billions of Danish kroner.
Trade, also due to data exchange. The economy thus also depends on our digital gaming rules between businesses, consumers and the public. Potentially, even here, our future jobs are to be found. In future, companies who opt out of focusing on data protection will be perceived as companies that do not take responsibility for their employees, customers and consumers. Without trust, no business.
4. GDPR protects us from expelling old habits. Most violations of the rules in personal data processing occur either by mistake or random and inappropriate use of data.
Therefore, starting with establishing a good data protection culture at all levels of the organisation is essential. GDPR helps us focus the right places. A digital environment can be built where we can reliably put our personal data into the hands of others where the purpose is clear, necessary and objective.
Fear can be a good motivator
Fear is an excellent motivator and sells the history of GDPR, both on the board and in the media, but it should not be necessary to fear GDPR. It is thus my hope that the focus can shift from the amount of the fine potentially to the far-reaching negative consequences of compromising personal data and digital trust in another way.
First and foremost, we need to take care of the data that gives businesses a business base and the public the opportunity to efficiently interact with the citizen. It forms the basis of our existence in a democracy and a welfare society in most of the EU and the western world. It is a balance, so let us take diligent care of our shared privacy data and take a knee for the virtues of GDPR implementation.