Source: Convert GDPR
May 25 is just around the corner. Are you GDPR-compliant yet?
The General Data Protection Regulation (GDPR) brings more protection for EU citizens’ personal data. This is clearly something that EU citizens are looking forward to, but for many business owners the GDPR’s imminent arrival is quite worrisome. This is understandable given the challenges that come with implementing the GDPR, including budget, infrastructure changes, data discovery, existing data movement analysis, and awareness training. Despite these challenges, however, the GDPR also provides benefits to a business.
What are the benefits of GDPR compliance?
1. GDPR enhances security
In 2017, there were 868 reported security breaches and/or cyberattacks. This is double the rate of the 2016 attacks. Data protection has always been part of organizations’ security strategy but, as statistics show, cyberattacks are still taking place. With the GDPR in place, however, organizations are expected to take appropriate steps to increase data protection or else face more serious consequences. Being GDPR-ready does not just make your organization compliant; it also enhances your company’s security posture. It is important to note, however, that improving security does not involve purely technical solutions. It also involves training people and improving overall processes within the organization.
2. GDPR significantly improves your business reputation
According to the Cyber Security Breaches Survey 2017, 70% of large firms in the United Kingdom alone were found to have suffered a cyberattack. Reports like this understandably make consumers wary of sharing their data. It follows, therefore, that organizations that are certified as GDPR-compliant will have an edge over those that are not. Having this certification will boost your business reputation because, as far as potential customers are concerned, your company can be trusted with their personal information.
3. GDPR compliance can bring about increased customer loyalty
According to the Data Breaches and Customer Loyalty 2017 report, based on a survey of more than 10,000 consumers worldwide, 70% of the respondents would stop doing business with companies that experienced a data breach. Additionally, seven in ten consumers, or approximately 69% of respondents, feel that businesses don’t take the security of customer data seriously. If a company is certified GDPR-compliant, it is seen as a business that truly cares for its customers by ensuring that all data is secure. This will greatly improve loyalty among existing customers and will encourage potential customers to try doing business with the company.
4. GDPR will improve data management
Your organization should audit all data that it handles in order to be compliant. You need to identify and get rid of redundant, obsolete and trivial (ROT) files – files that your organization keeps despite their not having any business value. This will enable you to minimize the data you hold and collect. It will also allow you to organize data storage. Sensitive ROT data of former customers needs to be deleted in order to reduce risk to your organization (e.g. the risk of being sued by former customers if a data breach takes place). In addition, the GDPR allows customers to access their personal data and to inspect and validate stored information. The new regulations require data controllers to correct any errors that data subjects identify, thereby increasing the accuracy of stored data.
5. GDPR helps reduce maintenance costs
Organizing stored data also involves consolidating information that sits in silos or is stored in inconsistent formats. It may also mean retiring data inventory software and legacy applications that are no longer relevant to your operations. All these changes will help reduce maintenance costs that would otherwise be incurred through unnecessary man-hours and infrastructure maintenance.
6. GDPR helps organizations improve decision-making
Organizations can no longer make automated decisions based on customers’ personal data under the GDPR. Examples include decisions on which customers can be granted a loan and/or the minimum or maximum amount of the loan that can be provided. The GDPR dictates the right to obtain human intervention, thereby reducing room for uninformed decisions. Human intervention will also allow your organization to learn more about your customers and identify areas where customer needs or expectations are not met. As a result, your company will be able to make better decisions based on effective use of customer information, which can also result in better ROI.
7. GDPR helps increase ROI (Return on Investment)
The GDPR requires organizations to implement an opt-in policy and have permission from data subjects to process their personal data. This, combined with deleting ROT information that stalls marketing efforts, such as unengaged addresses or lost leads, will provide you with a database of highly relevant leads and customers who genuinely want to hear from your organization. When you have this information, you can tailor your message to the specific needs of the audience that shows an interest in your brand. Consequently, by using this marketing approach, your brand will have higher click-through and conversion rates and increased social sharing. This, in turn, will result in increased ROI because marketing budgets and efforts are spent sensibly.
Complying with the GDPR can be difficult because of the changes that need to be made within the organization and the money that needs to be spent on making the necessary adjustments. But clearly, there are benefits.
According to Daniel J. Solove, John Marshall Harlan Research Professor of Law at the George Washington University Law School and President and CEO of TeachPrivacy, “Instead of seeing GDPR as a negative, companies can also see it as a positive. Being ready for GDPR will be a competitive advantage.”
Professor Solove provides a GDPR training guide to organizations who need direction on becoming GDPR-ready.
Tip of the Week
Having HTTPS in the URL does not guarantee that a website is secure
When PhishLabs conducted a survey in November 2017, one of the questions was:
The correct answer is “encrypted communication.” HTTPS stands for Hypertext Transfer Protocol Secure, a procedure developed by network administrators for exchanging information. With HTTPS, the traffic between the web server and a user’s browser is encrypted prior to transfer and decrypted after transfer. Encryption prevents users from unknowingly exposing sensitive information and helps prevent cybercriminals from gaining access to data. Because the word “Secure” is in the acronym and a green padlock accompanies it in the URL, many internet users have come to believe that this is a guarantee that the website is fully secure. Unfortunately, hackers have found a way to take advantage of this belief. In the third quarter of 2017, PhishLabs found that 25% of phishing campaigns were using HTTPS websites to deceive internet users into believing that they are legitimate.