
See the positives
It’s easy to be sucked into the negative rhetoric surrounding GDPR and see it as just more red tape. The truth is, there will always be winners and losers in every situation where regulatory changes are involved. The losers will be companies that don’t take the law seriously and neglect to follow cyber security guidance from governments and organisations like the Centre for Internet Security. The winners are the ones using new legislation as a chance to refresh key business functions and gain an advantage over the competition. A recent study found GDPR would make up to 75% of customer data held by UK companies “useless”. Database depletions on this scale may appear catastrophic, but for years, marketers have wasted time and money communicating to people who have never engaged (and are never going to engage) with the brand.

A “data detox” is well overdue, leaving only quality leads and redefining customer relationship management. This, in turn, will simplify compliance with Data Subject Access Requests and reduce infrastructure costs for things like data storage, back-ups and security.

GDPR compliance can also be a strong pull factor for customers considering your brand or deciding whether to stay loyal. The public has never been so aware of their data protection rights, nor held such high expectations of the companies they engage with.
Culture shock
Managing liability
Previously, data protection legislation focused on the controller – or the company “owning” the data – not the actions of third parties with access. However, under GDPR, many controllers worry they may face unlimited liability for a breach experienced by data processors on the grounds of failure to exercise due diligence.

Data processors should be committed to notifying you of a breach and providing you with the support you require to respond effectively in this situation.

It’s also important to clearly outline what data is being shared, what it can be used for, how long it can be kept and what will happen after the contract ends. This will help you notify the ICO of the compliance steps you’ve taken if the worst-case scenario does happen. Cybersecurity insurance that includes first-party and third-party coverage is also recommended, to protect against the damages of breaches originating in-house or along the supply chain.

GDPR is by no means just another piece of red tape. It represents a real chance for businesses big and small to future-proof their processes, monetise data in an efficient (yet fair) way and build loyal relationships with suppliers, partners and customers. All hail GDPR! Move over Queen Bey, there’s a new King in town.

Mark Overton is information security officer at Softcat