It is clear that the GDPR is starting to gain interest. Just last week, I presented at an event where 53 people attended. Just to hear me talk about GDPR. Only a few months back I could count most of my audiences on one hand.
When I talk about GDPR, I don’t focus on the potential penalties. That information is everywhere and not helpful. I choose to focus on what organisations need to do practically to get ready. However I am still surprised at the amount of people who think getting ready for GDPR is about filling in policies templates. It’s not.
I have said this many times, but if you considers GDPR as a compliance task, great opportunities can be missed. GDPR is about managing risk and putting processes and procedures in place within an organisation that are appropriate to manage that risk. For this reason, there can’t be a ‘one size’ fits all solution. Certainly not one that is managed through macro driven templates. There is definitely opportunity to realise some real benefits. Yes there can be positive benefits if you consider GDPR as a catalyst for change.
Let’s look at a typical implementation. The first task is to understand the data. For most small companies, this exercise is best achieved by looking at the organisational processes. Done properly, this will uncover all the data the organisation holds, including the unofficial stores and all of their processes both formal and informal. When was the last time you looked at your data and processes? I don’t think I have come across a single organisation yet that has not discovered something new about their organisation. Typically we find processes that don’t work which generates an opportunity to fix them and make them more efficient. Secondly we normally discover that the organisations data storage has grown beyond their knowledge. Typically, organisations usually end up reducing either the amount of data they store, or the number of locations they store it in. This may seem trivial, but improving process and reducing data and storage locations can mean real savings and efficiency.
There are also opportunities to make your business different. Make a good job of implementing GDPR and whilst your competitors are moaning about it being too much fuss, or another tax on business, you can promote your stance on privacy.
Conversely, if you approached GDPR negatively, you could create additional work in the long run. I’m not talking about fines or breaches, no worse. By completing pre-configured templates, you may think you are achieving a quick fix. What you could be doing is adding inefficiency into your business. That will be a burden for a long time, inhibit growth and make work more unpleasant.
So if you get this right and go in with an attitude of using GDPR as a catalyst for change and you could benefit twice. However they do say there is not gain without pain, but the benefits could be worth it.