For many, the drumbeat which has surrounded the GDPR deadline over the last 18 months has been hard to miss, along with the raft of information on how best to prepare. But for some, the task of navigating GDPR compliance has seemed like a steep mountain to climb, and many organisations are asking questions like “Are we ready or not?”; “Have we done the right things?”; “What more should we be doing?” and, in some instances, still “What’s GDPR?”!
Looking around at your competitors may give you an indication of what others are doing, but be careful not to take solace in any apparent lack of action; as they say, it’s what’s on the inside that counts. Internal processes, policies, and systems need to be rigorously reviewed and tested to become compliant with GDPR, and any shortcomings will be exposed not only by the regulator, but by your customers, hackers, and even your own employees too! Failings will not only lead to substantial fines, but will also result in reputational damage for your organisation, putting you behind the competition.
For many organisations it is hard to understand where they are in their journey to GDPR compliance. For others, focusing on being efficient in their handling of data protection, providing a great customer experience, and ultimately embedding a “privacy by design” culture is their next step.
The things to be done to be ready for the GDPR fall into four broad categories:
Understanding your current status is the first step to GDPR readiness. Much like climbing a mountain, there are many paths you can take to reach the summit, but some are steeper than others.
Most organisations will fall within one of the four ‘personas’ below. Where do you fit?
Figure 1 - Where do you fit?
So you know where you are, but what do you need to do to reach the summit?
Figure 2 - Which path to take
By following one of the outlined paths above, your organisation will be sure to improve its processes, policies, and data privacy. However, raising awareness amongst your employees is a vital part of each path, as they can often make or break you. Whilst 60% of senior IT executives view their staff as the biggest threat to GDPR compliance, employees also represent a path towards more efficient and sustainable compliance. Employees who understand the importance and remit of the new regulation will be more willing to follow (and help mould) the processes implemented as a result. In turn, they will develop products, services, and a customer experience that have data privacy built in. In the event of a data breach, privacy-conscious employees are more likely to be proactive and to nurture the principle of ‘Privacy by Design’, a key focus point of the GDPR.
The climb to the summit is never easy. By understanding your current footing, the best path to choose, and which areas to tackle, full GDPR compliance can be reached. Along the way a range of other key benefits will also be identified, allowing you to develop your employees and provide your customers with an enhanced experience. Even if your competition started out ahead of you, choosing the right path now can help you get ahead.