Will GDPR have a positive impact on your business?
Sneha Paul, Product Consultant, ManageEngine, says that the impending regulations will have five key benefits.
The impending General Data Protection Regulation (GDPR) is seen by many businesses as a major disruptive force. The regulations, which come into force on 25th May, aim to drastically increase the transparency of the data processing methods of any business worldwide that handles the data of EU citizens. As ‘data subjects’, EU citizens will be handed greater control of their own data, deciding who gets to use it and how those businesses can use it.
The “right to erasure” will allow data subjects to request that their own personal data is permanently deleted by organisations that they do not wish to be in possession of it. Businesses that fail to comply with the requests to be removed will face immense financial consequences, as will businesses that experience leaks and data breaches. Businesses that do fall foul of GDPR will be fined €20 million or 4% of their annual turnover – whichever is the larger sum.
GDPR won’t just affect companies based in the EU, despite the fact it concerns the data of EU citizens. Any business handling the data of EU citizens – whether customers, employees or other stakeholders – must comply, no matter where the business is located. However, it’s not all doom and gloom. The GDPR comes with plenty of advantages for complying businesses:
1) Improved consumer confidence
GDPR compliance will prove to customers that your organisation is a good custodian of data. This new legislation mandates that each organisation have a data protection officer (DPO), along with regular audits of data processing activities. Furthermore, your organisation will have to comply with a set of data protection principles under the GDPR, ensuring that the necessary framework is in place to keep data subjects’ personally identifiable information secure.
During the past year, attacks against companies like Wonga (https://www.emarketer.com/Article/Wonga-Data-Breach-Puts-Customer-Loyalty-Risk/1015608) and Equifax suggest that the consequences of a data breach can be devastating to your brand equity, with customer defection shooting through the roof and costs escalating for affected companies. The GDPR’s proposed security practices will bolster your brand’s reputation, showing customers that you have a robust data governance system in place.
2) Better data security
Cyber security breaches loom as a big threat to enterprises in the UK, with 68% of large firms in the UK having encountered a cyber-attack, according to the Cyber Security Breaches Survey 2017 (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/609186/Cyber_Security_Breaches_Survey_2017_main_report_PUBLIC.pdf). With the scale and sophistication of these attacks growing each day, having a GDPR-compliant framework in place will extend your cyber security practices.
The GDPR mandates using privileged and identity access management (https://www.manageengine.com/products/ad-manager/gdpr-compliance-tool-for-active-directory.html) to give only a few professionals access to critical data in your organisation, thereby ensuring that data does not fall into the wrong hands. Additionally, under the GDPR, your organisation will have to disclose any breach within 72 hours of its occurrence. GDPR compliance lays the groundwork for improved data security.
3) Reduced maintenance costs
Complying with the GDPR can help your organisation cut costs by prompting you to retire any data inventory software and legacy applications that are no longer relevant to your business. By following the GDPR’s mandate to keep your data inventory up-to-date, you can significantly reduce the cost of storing data by consolidating information that is present in silos or stored in inconsistent formats. Your organisation will also be freed of data maintenance costs, which otherwise would have been incurred in the form of man-hours and infrastructure maintenance.
Another cost benefit of the GDPR is that your organisation will be able to more effectively engage with customers. The communication will be more personalised because of the granularity of the information collected, thus saving you the sunk cost of pursuing uninterested consumers.
4) Better alignment with evolving technology
As an extension of GDPR compliance, your organisation will have to move towards improving its network, endpoint and application security. Migrating towards the latest technologies – virtualisation, cloud computing, BYOD and The Internet of Things (IoT) – can serve two purposes: one, giving you a way to more effectively manage the growing demand for data and two, allowing you to offer end users augmented products, services and processes.
With third-party management tools, your organisation can constantly monitor its new environment for any data breach. These tools monitor log data and keep a tab on the data transferred outside your environment. They also check the integrity of files and folders in your network, endpoint devices and applications, as well as on the cloud. Most third-party tools will send out an alert notification whenever an anomaly is detected, thereby giving you time to minimise or avert any compromise.
5) Greater decision-making
Under the GDPR, organisations can no longer make automated decisions based on an individual’s personal data. After all, automated decisions, such as determining whether or not to provide insurance or a loan to a customer, can be prone to error. The GDPR mandates the right to obtain human intervention, thereby decreasing room for arbitrary decisions.
Thanks to the GDPR, your organisation’s data will become more consolidated, ensuring that your data is easier to use, and you have a greater understanding of its underlying value. This insight will let your organisation learn more deeply about its customers and identify areas where customer needs are unmet. By using customer information effectively, your organisation will be able to make better decisions and consequently get a better return on its investments.
Embracing the GDPR
Organisations need to understand that the GDPR is not just a regulatory obligation, but also a means for achieving business and technology alignment. With data becoming the new oil in today’s digital economy, companies need to consider a comprehensive approach while aligning their organisation’s information and data management policies with regulatory frameworks.
Sneha Paul is a product consultant at ManageEngine, a division of Zoho Corporation, where she actively follows the IT management industry and helps organisations address the challenges they face in managing their IT. For more information on ManageEngine, please visit www.manageengine.co.uk; or follow the company blog at https://blogs.manageengine.com.