'I think it's building momentum as we’re in the stage now where people are just trying to find out as much as they can and find out about the risk. It’s scaring the life out of people really."
The mix of emotions towards GDPR is a good example of what businesses are going through, and Diarmaid Flynn, client services director of Ergo, is aware of it. There’s still enough time to bring a business up to speed but while more are starting to take those first steps towards compliance, the perceived scale of it may have hindered progress for some.
Instead, it should be seen as an opportunity to improve the business; something Flynn believes will give organisations more motivation.
“You need to see an opportunity to maximise now. Getting in early is giving you the chance to change your business processes and make them as lean as possible,” said Flynn.
“To line up what is a core part of your business and to streamline the processes, making sure you’re getting the right amount of data, and putting the right protections in place, you’re creating nice
processes that make you a leaner organisation. If you do those things, and put the customers first as well, you’re really going to protect your business against repetitional damage."
“If you think about the security of the end customer – focus on that and minimise the potential risk – long term it’s a huge chance of return for repetitional trust with the customer.”
There’s certainly no shortage of examples when it comes to companies being hit by cyber attacks or data breaches. Those events are going to be more common as time goes on, before and after GDPR comes into play.
If you follow the processes needed to become GDPR compliant, you’re not only going to make your data safer, your business is going to become stronger as a result. It might seem nice to keep
extra data that you could use in a future situation, but really you’re adding more work and costs to yourself for storing and protecting it.
“[For] companies losing data that was old and that customers no longer do business with, it can be highly embarrassing and stupid data to breach because you’re not making any money from it . . . it’s just sitting there and creating risk for you but you’re not getting any award.”
Instead of hoovering up data, Flynn recommends looking at other areas that can do the same job without putting the company at risk. Why hunt for email addresses to send updates when you
can do the same thing through Facebook or LinkedIn where you can get the same result or better.
“There’s so much in CMS systems that need to be rid of in advance and organisations have an ideal opportunity now,” said Flynn.
“If you look at something like LinkedIn and what can it do for you, the customer opts in to getting information from you, instead of consent-driven emailing where you’re pushing stuff out. The customer is coming to you and saying Yes, I want to hear about your company so I’m going to like your page and follow your profile on LinkedIn.’ You’re changing it so that they’re in control of the information and it’s not you pushing it to them through direct marketing campaigns.
“We’ve over a year now to go to the new channels where we can derisk it from holding personal data. Let the people come after us for the information by liking our page and we can get information to them but it’s not as risky for the organisation.”
Ergo itself offers IT consultancy, with GDPR being one element of it, and something that surprised Flynn is how many companies are coming to them knowing exactly what they need to do.
That said, helping with things like producing data registries, information gathering and understanding processes are part and parcel of what it does.
“A lot can be done when you help people with data registries. With some of the bigger companies, what we’re doing is we’re providing some of the resources like business analysts and project managers to help large organisations run processes internally.”
While there is still a fear surrounding it, there is reason to feel encouraged. Those who are taking those first steps are starting to see the opportunities that this can bring.
Flynn said: “I was on call [with someone] who didn’t know much about GDPR, and he came away frightened but at the same time thought ‘There’s great opportunity in this too for us.’
“We’re going into the great unknown, and it will be a success for people who go about it the right way. There’s a huge amount of opportunity for people to make the best of it and not see it as a threat.”
In my last blog (8 Steps to Increase User Adoption of Office 365), I outlined the steps involved in succeeding in taking...Read now
To run a business, one must make decisions. To run a good business, one must make good decisions. To run...Read now