Leveraging GDPR as a Springboard to Gaining Control of Your Company’s Data

There is a lot of scaremongering about GDPR going on these days.  The tendency is to focus exclusively on the “sticker shock” of the possible fines levied for non-compliance and to treat it as just another government regulation to be complied with lest your company be ruined.  This could lead to companies in EMEA acting out of fear to do the bare minimum to avoid penalties. Are the fears justified?  It is hard to tell at this point as enforcement does not start until 25 May, 2018 so there is no precedent yet.  At least one supervisory authority says that the fears of debilitating fines are overwrought and lose the point of GDPR, which is to increase transparency and accountability, while ensuring the rights of the people over who can have and use their personal data. Are the fines the only possible cost associated with non-compliance with GDPR?  Absolutely not.  In fact, perhaps the biggest cost of non-compliance with GDPR would come if it was discovered that a company was the victim of a data leak.  The cost of reputational damage could be more significant than any fine and could take years to recover from.  In addition, a leak can lead to significant material costs to remedy the issue and provide additional protections to consumers after the fact. Wait, so you said there was too much focus on fear from GDPR?  Absolutely!  GDPR is a fantastic opportunity for companies to put in place a level of maturity in data governance, data management and IT security.  If companies take the big picture approach rather than focusing on just doing the bare minimum to comply with the letter of the law, they can find themselves in a much better position to leverage the value of their data for years to come.  It could improve customer service, enable true business intelligence, and streamline existing business processes, among many other things.