At this time of high alert around data and identity theft, some might assume that the coming implementation of the General Data Protection Regulation (GDPR) in Europe was born of fear and uncertainty. Although a commonly held position, this is a misinterpretation of the intent.
The real basis of the GDPR is in data management, specifically giving firms both the impetus and the structure they need to get a handle on their data. With cloud, mobile, and the Internet of Things transforming the way business is done, the GDPR gives businesses — including Canadian businesses — an opportunity to get their data houses in order and position themselves for future growth.
Why should a Canadian business care about a European data regulation? Because the GDPR applies to any company that has dealings with the EU market. In 2016, Canada was the EU’s 10th most important trading partner, exporting $40 billion of products to the EU. It also accounted for $17.3 billion in services (16.9 per cent of all services exports).
Clear data advantage
Data, however deep, however large in volume, is not of itself valuable. While technology has given companies more avenues to engage with customers and to collect data around their behaviour, many companies have not yet put sufficient energy and focus into deriving value from their data.
The GDPR, which comes into effect on May 25, 2018, encourages companies to get a clear and holistic look at their security posture, and at the same time get their data in order. From this kind of effort, an organization can gain clearer insights into its customers. Organizations that can make sense of their data and connect their data to their customers on a human level can sharpen their digital strategy and shape more effective, better targeted marketing campaigns.
What it does and how it will be enforced
The GDPR is pan-European legislation designed to protect the privacy of the EU’s roughly three-quarters of a billion citizens. It includes provisions that more closely regulate all organizations that operate in the European market. Called ambitious and far-reaching by critics and supporters alike, the legislation has teeth. Once the GDPR comes into effect, companies will be bound to notify authorities of any data breach within 72 hours. The penalty for noncompliance is set at roughly four per cent of the offending parent company’s annual revenue. While this is a steep penalty by any measure, it serves to underscore the importance of the legislation, both for EU citizens and for companies that do business in Europe.
Culture will drive compliance
Culture is always going to be a key consideration when it comes to preparing for change. This is certainly the case with any organization that will be affected by the GDPR. Hiring a privacy officer is excellent, and it shows a firm commitment to change and compliance with government policy; however, there must be widespread buy-in, from C-level down to entry level, to ensure a company’s transition to “sleek, secure and GDPR-compliant” is a smooth one.
Where it begins
Preparation for the GDPR begins and ends around records management and understanding the data within a business. A company that comes into 2018 with a solid grasp on the value of its data and how it is to be protected will hit the proverbial ground running when May 2018 rolls around. One thing is for certain: with 2018 now only months away, the time is now for companies to begin their preparations.
Knowing leads to doing
As firms move toward full GDPR compliance, it is important they have a strategy. Visit the Micro Focus website to find out more.
To find out more about the GDPR, visit the official FAQ.
To watch a short video about achieving compliance, visit the GDPR & Beyond website.