3 ways to use GDPR to your advantage
If you’ve not been living under a rock in the past 12 months (in which case congrats for landing in the right place, on our site) you probably know by now the major clauses that GDPR brings to the table starting May 25th (yes, that’s in 10 days). If not, you can find the GDPR key changes here.
Most of the media coverage of the GDPR has been fixated on the outrageous multimillion-euro fines businesses will face if they fail to comply. Vendors and suppliers play up the same card to boost sales for their products and services. Certainly, the price of noncompliance with the GDPR is not something one can afford to ignore. However, the problem with focusing on the negative side of the GDPR is ignoring the opportunities.
The real driver for adopting new compliance values should be building a more secure and efficient business. There are a lot of ways to turn a challenge into an opportunity, and this is how we think you should look at GDPR – here are 3 ways to turn this project to your advantage:
1. Have cleaner, simpler, more transparent core business processes
By January 1, 2000, most organizations had found that the Y2K scare had unintentionally improved core business systems and processes, by helping companies to reassess their tech and data management efforts.
If you use this ‘opportunity’ wise, the same should happen with the GDPR – going through internal processes and data within your department, checking how this is linked to other departments and who are the people responsible for data handling, will not only offer you a better view on how the company actually works (which could suggest some ideas for new projects) but also sets the stage for updated policies, rephrase older project ideas into new ones and at the end of the day get cleaner, more transparent, standardized internal processes.
It may sound tedious now, but on the medium to long term, once you get your systems and processes in place, you will get so much more added value from standardization than the initial investment. It’s time to act now if you want to stay in the game because this is going to happen with or without you and the stakes are too high to remain behind.
2. Get that long-postponed budget approval
GDPR is about control: knowing at every point in time what data you have, where is stored, who can access it and when will be deleted, why you are holding it and what permissions you have to use it. GDPR gives individuals more control than ever over their data and you must be prepared to deal with the right to be forgotten or respond in a timely and professional manner to authorities in relation with data beaches or audit procedures.
In other words, you need to be in control of your data no matter the circumstances. For most of companies this should be the norm.
Therefore, if you find yourself in the position of not having the right tools to manage your data (such as an internal CRM system, a unified records management solution, security checks system, etc.), this is the best timing to push that tool/ system acquisition budget to approval. Having this level of control over your company’s data will prove itself a long-term investment and it completely justifies the costs.
3. Get rid of unstructured information and improve decision-making
Every department has its own dead skeletons, whether it’s in physical closets or on the server. I’m referring to old and very old files that current employees may not even know exist and current legislation doesn’t require anymore to keep. I’m also referring to social posts, web data, photos, pdf files, video and audio files, emails, scanned documents and many more type of data that are creating at the same time new opportunities but also new day to day challenges.
The value of data is defined only by what you’re able to do with it. So, when you have unstructured data, there is really hard to grasp its essence and to turn it into business value. This is why you should make the time – and what better timing than the GDPR timing? – to take all the data that is piled up in either physical format or as electronic documents and:
- Classify data at the point of ingestion. Of course, this is often not an easy task. Many applications just don’t deliver yet a way to add classification, and those that do are often sadly imprecise meaning that manual human involvement and intuition are needed to get the job done. But with the right tool this process can be greatly automated so you can reallocate precious resources for productive tasks.
- Outsource the classification process. Identifying the necessary metadata to promptly classify and process unstructured data usually involves some level of human intelligence – usually a routine work, building an in-house team to manage this can be expensive and may not justify the scope. Therefore, this task is perfect for outsourcing but be aware and check your supplier previous experience and deployed applications that must leverage the full power of metadata.
- Build value by incorporating data into existing business processes. Once your information has been classified and processed, it’s essential to start using it in your existing business processes: use it to make your customers’ lives easier or to analyze and improve your own internal processes or make faster, better and informed business decisions. What was once chaotic data sitting on a server or distributed across various silos on the outskirts of your company can be ready for e-discovery with the help of a metadata driven platform that can easily deliver the content right into your existing business applications using open standards (CMIS, APIs) and even mobile clients to empower productivity everywhere.
Yes, GDPR compliance is a journey and it will take some work – but when you’ll pass that finishing line you’ll feel like a winner together with your entire business.
We are here to make your GDPR journey happen. And you just made the first step of this journey by going through this article. Give us a call and let’s continue.