There is a lot of general negativity in the language used when talking about GDPR.
PAUL MATHER - DIVISIONAL OPERATIONS DIRECTOR SAYS:
There’s no doubt it will be very impactful for a lot of businesses and there’s no doubt that it will cost many businesses a lot of resources coming to terms with getting compliant. So to a degree, this negativity is understandable.
Yet we must remember what the purpose of legislation around the world such as GDPR is designed to try and achieve. There are no two ways about it, the amount of our personal data that is “in the wild” is incredible. Just look at your phone as a good example. If it’s anything like mine when you first powered it up, it, (or rather services on it) started making connections joining Outlook contacts with LinkedIn, Facebook, WhatsApp etc. How many times have websites asked us for details before you can progress to see goods and services? Ultimately, your personal data is viewed by some as a commodity, to be sold on mailing lists and such like, either legitimately or less so.
GDPR will compel businesses to think more about the data that’s stored in their organisation and change their operation to be more data focussed than they are now. When taken in context of the wider GDPR regulations this can actually be a good thing. Consumers and end users of our products and services should be able to feel a little more secure that those businesses taking GDPR seriously are putting their rights as data subjects before their organisation’s own. Ultimately this is how I’m sure most of us would want our data to be treated, so we need to accept that we will have to help ensure our organisations follow the new rules and guidelines.
There are other benefits too. It seems absurd to say it given how prevalent security threats are, but GDPR will force organisations to take a much closer look at the security of their business than, historically, a lot have been doing. It stands to reason that moving more in line with GDPR guidance and requirements will potentially reduce the risk of data breach therefore preserving brand reputation and expensive fines.
We also need to remember that a lot of the principles in GDPR are not new. They existed in the old legislation, yet so many organisations didn’t perhaps do all that they could. There may be an argument that in current times we have better and more affordable products and services to help be more compliant with these principles. It’s also certainly true that it’s a lot more reasonable for organisations to be taking appropriate actions for ensuring the security of their data these days. Again, this can only be a good thing.
It also stands to reason that (likely reduced) databases of clean, consented data should in theory perform at least, if not more, efficiently in terms of conversion rates. For example, within the recruitment industry a shortlist of recently contacted active & engaged candidates in a recruitment CRM is likely to be more worthwhile to a recruiter than a longer list containing candidates that haven’t been spoken to in years.
One way to think about things is the analogy of your loft. Most of us have it stacked with accumulated junk that we haven’t used in years and will likely never use again. This junk could be considered a fire risk in much the same way unneeded data is a risk to a business in the event of a breach. Your loft is also considerably easier to move around in and locate what you actually need if you are keeping it tidy. (You also get that satisfaction of clearing out the rubbish - although granted it doesn’t always feel that way whilst you’re actually doing it). You do, however, need to be disciplined once you cleaned it out, else you’ll just fill it again. If this happens with your data, unlike your loft, you could well get fined for holding onto the things you don’t need.
Ultimately for a lot of organisations the next 12-18 months will involve a lot of planning, reviewing, cost and effort that many won’t have been budgeting for. This is certainly made harder with the volume of economic uncertainty around the world and especially within the EU as it stands today. Whilst uncomfortable, GDPR is unquestionably at its heart steering us in the right direction and I believe we’ll all be better off once we get out the other side.
Now, where did I put that loft ladder…