Why GDPR is the best opportunity data managers ever had
Any online search for information on General Data Protection Regulation opens a veritable Pandora’s box of doomsday-scenario articles discussing high-cost and high-risk impacts to organizations, business leaders, and key stakeholders.
Rather than fearing GDPR, organizations should embrace the legislation and use it as a catalyst to improve information security strategies and to create a new path to future revenue growth.
Starting May 25, 2018, organizations that collect personal data on citizens of European Union (EU) countries will need to comply with strict new rules about the protection of personal data. Replacing the 1995 Data Protection Directive, GDPR eliminates the need for individual countries to establish their own data protection laws.
GDPR is one legislation that streamlines legislative efforts and creates a more efficient approach. However, GDPR also affects all global organizations that operate within the EU or handle EU citizens’ data, even if headquartered outside of the EU, which opens these organizations to potentially substantial penalties if they fall out of compliance.
The legislation might seem daunting at first, but it is a natural result of vast market and technological changes over the last 20-plus years. For example, when the Data Protection Directive launched in 1995, the internet was a 28.8K dial-up modem experience, personal computer desktop mass storage came in 500-megabyte hard drives, cellphones were analog, and people still used pagers.
Data storage has obviously changed as well, with global data storage currently reaching more than 16 zettabytes (ZB) and an estimated 163ZB predicted by 2025. Times certainly have changed. How organizations mine and use increasing amounts of data has grown exponentially, and, perhaps most importantly, advances in technologies have soared since 1995, including cybercrime sophistication.
Strength Through Compliance
In this era of data-driven marketing, innovation, and business intelligence, personal and corporate data is now more crucial, more at risk, and more open to potential compromise than ever before. As organizations increasingly rely on data to drive business and beat industry challenges, how that data is stored, cleansed, and accessed for analysis and reporting should be a top priority. Moreover, cybercriminals thrive on data as well, so the risk of data breach is a constant challenge.
Corporations can mitigate these risks by establishing information security road maps, internal controls, and performing internal and third-party security assessments. Yet, historically, individuals have been at the mercy of these corporate efforts and have had limited ability to mitigate risk to their own personal data, or even to have options for legal recourse after a breach occurs.
Many organizations have been slow to catch up to technological advances of cybercriminals, and many others find their efforts and abilities lacking, which leads to an overall increased risk for organizations, stakeholders, and consumers. As organizations begin meeting GDPR requirements, they have the opportunity to create more robust internal practices and more effective organizational security controls. In short, compliance with GDPR requirements actually strengthens the organization and creates a path to better store, control, analyze and access data.
Increase Profits Through Data Quality
GDPR will give individuals greater control and rights over their personal data. However, regulation will also incentivize organizations to create and implement GDPR-specific policies and programs, which can strengthen operational aspects and help create a more accurate knowledge base.
One aspect of GDPR causing concern within organizations is Article 17, or “Right to erasure (right to be forgotten),” which gives individuals the right to request the deletion or removal of personal data if no reason exists for its continued processing. While Article 17 initially seems challenging, businesses should look at the positive impact the rule could have on the quality of their data.
Cleaning up data can create a far more valuable and accurate data set. In the information age, this accuracy can translate to a higher return on investment and help organizations better interact with their vendors, clients, and market channels and lead to higher fiscal results for the business.
Transform the Enterprise
While organizations will likely experience growing pains as they scramble to meet GDPR requirements, these efforts hold tremendous potential value for businesses in all industries. Organizations already understand the correlation between accurate data and better market analysis, innovation, and business strategy. A clear path to substantial corporate and fiscal growth is revealed when organizations combine this growing understanding with greater levels of information security and appropriately balanced risk.
By complying with GDPR requirements, organizations can realize that enterprise data management not only protects the data subject but also drives opportunity and sharpens corporate strategy.