ICS: Play by the rules to gain an advantage
11 May 2018 | 0
With the General Data Protection Regulation (GDPR) on our doorstep, much has been made of the potential for large fines, potential new staff required and ‘red tape’ around the new data protection regulations. However, many organisations are surprised to learn that there are real advantages to be gained by complying with GDPR.
“If you have sourced a data protection officer, they’ll be trained in what you do need to tell your customers and how best to let them know”
A significant proportion of organisations are still under prepared for the new laws. If you are one of them, maybe these advantages of GDPR will help sway you to starting your preparations today.
Reduce the risk of breaches: GDPR is an opportunity to empower your staff to use best practice around customer, client, staff and patient data. Many organisations will start with an audit of their data storage and processes and it is recommended to train staff who will be handling data regularly. By doing this, you will raise awareness of the importance of data protection and your staff will understand the business case and ethical reasons to protect customer or client data. The cost of training staff is minimal in comparison with the financial and reputational damage associated with repeated breaches or bodged communications around a hack.
Reduce brand and reputational damage: By letting clients know how you store their data, informing them as soon as a data breach happens and training your staff, you will avoid the embarrassing mistakes unprepared companies will make. You will be protecting their sensitive and personal data. You will no longer be in the same boat as those companies who do not delete their customer’s data when asked and allow breaches to happen without notifying customers promptly. If you have sourced a data protection officer, they’ll be trained in what you do need to tell your customers and how best to let them know.
Increased trust from customers, clients, staff and patients: Data subjects will learn how much you respect their data under GDPR. If you are able to list all places you store data about a person, respond promptly to subject access requests and only serve communications that the customer has asked for, you will quickly gain a reputation for being a company that people can trust with their data. You will actually gain their respect. If you appear disorganised, vague or do not meet subject access request deadlines, how will data subjects have faith that you are processing their data correctly?
Reduce data storage and maintenance costs: It is very likely that that your databases contain a number of old or incorrect email addresses, even if you are diligent in keeping them up to date. What about telephone numbers? Do you know when a contact was added to the database or how many contacts are out of date? People stay at their job for an average of only 4.6 years, so it’s likely a number of your contacts are no longer reachable at their current contact details. If you put the work into cleaning up your data now, you are likely to have a smaller but more accurate and more engaged database(s) of customers, staff or clients. This will inevitably reduce your storage costs and data maintenance costs in future as you will have removed any redundant contact details.
Better customer insight: With a smaller, more accurate database, you will have better customer insight. A larger proportion of customers will respond to your marketing campaigns — dormant email accounts will never open your emails anyway. Removing duplicate accounts and clients who have moved on to other industries will mean you will know more accurately who your customers are and you will be able to tailor new products and marketing campaigns to meet your new, more accurate database of clients. If you are in the health sector, this will unlock patient insights and let you make more accurate decisions on staffing, treating patients and ordering supplies.
Better decision making: Privacy by design is a key pillar propping up the GDPR regulations. By putting your customers’ privacy front and centre in all business decisions, you will leave less room for confusion and disagreement in the boardroom. Your roadmap to compliance with the new regulations will leave your organisation with easier decisions to make. Most decisions around the use of data will become less ambiguous with the new regulations and staff who have been trained in GDPR will be better equipped to make the right call first time when it comes to the integrity of customer data.
Ability to act faster than your competitors: Ultimately, strong data management and governance will mean that you can make decisions faster than competitors who are still lagging behind. Respond to your data subjects faster as you will know where their data is stored. Make business decisions faster as you follow the new regulations confidently. Gain better insight into your customer base to make decisions on new campaigns and develop new products faster than before.
You might feel like you are not sure where to start, but hopefully now you are a little clearer on how you can benefit from the new regulations. It may be a cliché to say that the new rules are a blessing in disguise, but GDPR certainly does not have to be a rod for your own back. It could well be the opportunity your organisation needs to gain a real advantage over your competitors.
- Certified Data Protection Practitioner – 21 May and 16 July (Dublin), 23 May (Galway)
- IT Asset Management Foundation Certificate – 4 December
- GDPR and Data Protection Essentials – 17 May (Cork)
- European Certified Data Protection Officer (ECDPO) – 26 July (Dublin)
- MSc in Applied IT Architecture – September
- Management Development Programme – September
- Certificate in Business Analysis (QQI Level 8) – September (Dublin and Cork)
For the ICS events calendar, see here.