
Written by adm

Posted on: December 7, 2021

Getting management to care about GDPR

The GDPR is seen as the gold standard for data privacy and protection around the world. If it is breached, enforcement can be harsh, to say the least.

Infringement of some of the GDPR laws can result in big fines. For example, a fine of €20 million or 4% of global annual turnover (whichever is greater) can be expected if Articles such as ‘Conditions of consent’ or ‘Lawfulness of processing’ are not observed. These two examples are not exhaustive by any means. Smaller fines of €10 million or 2% of global annual turnover can be issued if the ‘Records of processing activities’ or ‘Security of processing’ Articles are infringed. Moreover, an infringement can cause serious reputational damage.

But on the other hand, personal data has tremendous value. If it’s managed properly, it can create significant competitive advantage. In order to get GDPR right and in order to get privacy right, you need the entire organisation to be moving in the same direction.

Managers are ultimately responsible for ensuring a business complies with the GDPR. The management needs to set a strategy to meet the more stringent regulatory mandate without losing focus on growing revenues and profits and while innovating to stay competitive, keeping the board of directors happy and maintaining an engaged workforce.

How can this be the case given the disruption and the expense? Some of the key areas they must address include:

• Creating a GDPR compliance programme.

• Creating workplace policies that ensure continued GDPR compliance.

• Ensuring data security procedures are in place and data handling technologies are up to date.

• Taking steps to ensure users are well aware of their rights and understand how and why their data is being used.

• Auditing the ways the business collects and processes user data to ensure they are GDPR compliant.

• Providing adequate staff training to ensure they comply with GDPR principles.

• Ensuring any third-party data processors the business uses are compliant with the GDPR.

Core to an approach that fulfills GDPR compliance and the needs of good data management is data governance. A strong data governance program is vital to data visibility and oversight needed for GDPR compliance. It supports assessing and prioritizing data risks, as well as facilitating compliance verification with auditors, and helps manage the current state of your data, its evolving future state and its lineage through the data ecosystem. With the right data governance approach and supporting technology, companies achieve compliance using their current as-is architecture and data assets. With the correct governance, companies can comply while building a competitive advantage. Strategic, enterprise-wide data management driven by GDPR compliance will increase consumer trust, improve data quality and analytical processes, optimize operational efficiencies, and reduce costs. It will move the enterprise closer to being a data-driven business.

The benefits for companies that are GDPR compliant include: easier business process automation; increased trust and credibility; a better understanding of the collected data; improved data management; and a protected and enhanced enterprise and brand reputation.

Are you personally liable as a senior executive? The GDPR does not hold directors and officers personally liable at the moment. However, most of the countries’ national laws make clear that if an offence is knowingly committed, or committed through negligence, that director, as well as the company, will be liable to prosecution.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.
