“Will things ever be the same again?” As the 1980s song by Swedish rock band Europe said, it is “the final countdown” for the Global Data Protection Regulation (GDPR), effective May 25.
All organizations that keep European residents' personal data, i.e. in content repositories and services, are impacted by the regulation.
Gartner said in its research about the current state of preparedness: “By 25 May 2018, less than 20% of all organizations worldwide will fully comply with the EU's GDPR. By 2020, at least 20% of organizations that deploy content and collaboration services will have been accused of noncompliance of GDPR.”
These assumptions show that the state of readiness is extremely low. Why is that? Is it because many companies are not worried about the threat of fines of up to €20 million or 4% of annual global turnover for breaching GDPR? Maybe they see GDPR as just another regulatory requirement that needs to be incorporated in the risk and compliance activities over time?
What I do know is that companies that have reached the state of readiness in my network are all companies where business leaders (like the CEO, COO, BU directors) perceived GDPR not as a compliance burden, but as an opportunity to differentiate and innovate.
The Group CEO of a European communication service provider said that the GDPR solution provides world-class data protection capabilities that will be a huge competitive edge in winning the trust of customers: “with us your data is safe.” The differentiation is in the growth of customer trust, which will lead to a better customer experience and reduce churn. The innovation can come from analytics leaders in the company, who will increase awareness of how better business outcomes can follow from changes in how personal data is handled.
The great thing about these business leaders is that security and risk management leaders are not alone in this anymore; they can rely on a multidisciplinary team to translate all the requirements of GDPR and prioritize actions. If you add to that the holistic approach of an integrated digital business platform, then companies can rationalize GDPR requirements with other strategic/business/risk/compliance requirements and establish a foundation for continuous change and adaptation. So the “threat” can be turned into an “opportunity.” It is never too late to start building those!