A sustainable, scalable and suitable GDPR implementation for customer-centric competitive advantages
The right implementation of GDPR must sharpen the organisation's perception of what can go wrong during a data breach. The EU Privacy and Data Protection regulation has drawn increased interest from clients, customers, media, partners and the general public. To improve strategic risk and change management, buy-in on ownership, stewardship and accountability is vital, and it is secured through formal and informal networks within the organisation, such as GDPR Champions.
The primary reason why all companies must respond to stakeholder interest in GDPR is that the privacy components of accountability, that is, building trustful relationships with consumers, suppliers, partners, investors and regulators, are now in focus. If the company is to transform potential GDPR risks into a competitive advantage, it needs to ensure that the structured implementation covers the IT and data platform and the legal issues, and that the ownership and stewardship elements within processes, the organisation and the meeting of customer expectations are addressed in all departments, not only in the HR department.
Transform potential risks into a competitive advantage
Since 2005 Copenhagen Compliance has proclaimed the virtues of combining Governance, Risk and Compliance and IT Security in all processes. However, when it comes to GDPR, it is the practical component of Risk Management that is critical. It is not only about mitigating risks but about gathering risk intelligence on the legal, business and reputational risks in the GDPR implementation, the GAP analysis and the overall awareness and training.
The recent hacking of the global telephone company Three has proven that customers, media, partners and the general public alike are becoming more privacy aware. Similarly, recent incidents and data breaches in various industries have heightened awareness of client confidentiality and data protection. Data breaches at Spotify, Ashley Madison, HSBC, Yahoo and many others have led to an increased number of inquiries and complaints relating to privacy and data protection.
Another recent survey indicated that 59% of customers stated that a single breach of personal data would negatively impact their likelihood of buying brands from a consumer products company. At the same time, 51% of users would forgive a consumer products company that had a single data breach of their personal data as long as the company addressed the issue swiftly and diligently.
GDPR application impacts
A structured GDPR program is designed to follow the hierarchy for internal GRC instructions on policies that establish an overall strategy on Privacy and Data Protection by outlining a set of fundamental GDPR principles:
- Privacy and Data Protection Instructions
- Data Retention Matrix
- Privacy and Data Protection routines
The concept of a privacy program is based on policies, instructions and methods that focus on two sides of accountability:
- Ensure that GDPR responsibility is quantified, measured, exercised and verified.
- Assign responsibility throughout the organisation through a series of activities under the following headlines:
  - processes and activities
  - ownership/stewardship
  - documentation and evidence
  - disclosures and reporting
Therefore, based on the GDPR accountability requirement, make sure that the following minimum requirements are in place by now; otherwise meeting the May 2018 deadline can be a major challenge:
- Data Protection by Design and Default
- Privacy Impact Assessments
- Data breach notification obligations
- Transparency, customer facing info
- Mandatory Data Protection Officer
Attend the session on GDPR http://www.copenhagencompliance.com/2017/annual/gdpr-session.htm on the 15th March to get a head start on your current implementation, and/or participate in the GDPR foundation course with certification http://www.copenhagencompliance.com/gdpr/ to make sure you have understood what GDPR is really about.