The General Data Protection Regulation (GDPR) is being put into place to enforce digital privacy for consumer and employee data. This regulation is designed to level the playing field, by providing consistent guidance across the EU for companies and regulators.
GDPR can be viewed as an opportunity to distinguish businesses from competitors, but how can business owners prepare? With the regulation due to take effect in a matter of months (25th May 2018), here are three steps all companies should take ahead of GDPR.
1. Promote security measures
Consumers are increasingly wary of giving their information to online vendors, fearful of the consequences of sharing their data. Businesses should be using GDPR as an opportunity to promote their security measures and privacy initiatives with their customers.
An organisation which shows understanding of, and compliance with, GDPR, using terminology that is easily understood by its consumers, will enhance trust amongst its consumer base.
2. Know your data inside out
Holding and processing private information about customers is a privilege that comes with the burden of proving that businesses are not susceptible to hacking, theft, or privacy breaches.
Knowing where all your private data is held, securing it appropriately, and staying on top of where the data is coming from and who it is being passed on to (for additional processing) are key to compliance and demonstrating businesses’ understanding of GDPR.
It is not enough to encrypt data or to put up a firewall: there are many options on the market which help with the entire security process. These options are not necessarily expensive either, especially compared to the fines, and the breach of trust with consumers, that come from not preparing adequately.
In addition, companies must know where their data comes from and how it is handled by third parties. Businesses are responsible for their customers’ data, period.
3. Don’t get caught out: prepare now or pay later
Since the GDPR does not come into effect until May 25th 2018, some organisations are taking their chances and waiting on the courts' and regulators' interpretations. However, businesses should not be fooled into a false sense of security: the GDPR is based on a directive that has been in place for over 20 years, and the expectation of consumers and regulators is that private data is handled with great care.
Some court cases will determine more precise interpretations of the law for specific instances, but privacy by design is a core part of the GDPR – so designing interactions with consumer privacy in mind will help to ensure companies of all sizes don’t end up on the wrong side of the law.
Sourced by Kindy Flyvholm, programme manager at Teradata, MSP, CIPP/E