
How to use GDPR to make you more Profitable

Expede
Jun 14, 2019 1:46:35 PM

The General Data Protection Regulation (GDPR) has been in effect for over a year, and for Professional Service firms there's more to compliance and effective data management than sending a marketing consent email.


Decompressing from the Data Panic

The GDPR came into effect on 25th May 2018, bringing with it the threat of waves of multi-million dollar fines and a looming spectre of potential reputational ruin for global businesses.

After the legislation was adopted by the European Parliament in April 2016, member countries and global businesses had two full years to prepare in the lead-up to its commencement.

Contrary to anticipation, the GDPR hasn't quite had an immediate, wide-reaching, catastrophic impact.

For Professional Services in 2019 the focus is on maintaining information management which is organised and transparent.

For Engineering, Legal and Accounting firms, GDPR compliance has benefits at two levels: firstly, it can give your Board, MDs and CEOs peace of mind, and it can make you more profitable.

How?

Secondly, the main users of your information systems are using these in better ways when prospecting and managing your clients, making your business a compelling option for prospective clients.

Becoming GDPR compliant starts with a sound Information Management strategy and building a detailed resource to become a pillar of your company.

Psst, we’re giving you a head start with this template we built:

Download

The Difference a Year Makes

The fear surrounding the GDPR as an information-centric law has quietened since May 2018. Today, we are solidly within the sphere of implementation - one where better practice has been implemented, but now requires maintenance.

By accident or intention, some firms will neglect to maintain good practice from here on in; the firms that commit to best practice for information management are the ones who will succeed at a level above all others.

Lineate Data Orchestration Statistic

Approximately three out of four people are fine with a company collecting their data

Whether it's for marketing or client engagement, this statistic feels contrary to the uneasy/negative sentiments there were towards the GDPR and similar laws (e.g. the Privacy Amendment (Notifiable Data Breaches) Act 2017 in Australia) less than two years ago.

GDPR Information Collection Trends

Why is this a good thing? What's it got to do with Professional Services?

The individuals or end users who become your clients are still willing to consent to having their data collected and processed. The difference is they are more aware than ever of how companies value it and must secure it.

With the clarity of a year, the focus of GDPR compliance is on Information Management, as opposed to frantically trying to avoid a €20 million penalty.

For Professional Services, this means there is a greater responsibility to protect the information they have - but also to structure it better to enhance their compliance.

For a business like yours, better management creates the opportunity to improve services; for all the work your business has put towards GDPR (or any compliance legislation), it creates a feasible starting point.

It's time to stop thinking of the GDPR as another piece of compliance legislation, and to see it as one which simply stipulates accountable information management.

The Three Challenges Ahead

A year on, some challenges have remained and some have evolved:

1. Finding the Right People to do the Work

It's no secret resourcing is a recurring challenge for any business, even more so relating to GDPR compliance. Finding suitable people to do compliance work either internally or as contractors is particularly challenging. Aligning schedules, approaches, budgets and task delegation are just some of the sore points for big data firms who are processors and/or controllers.

The demand for experienced privacy professionals is increasing, and this is unlikely to change.

There's still a significant risk firms can haemorrhage money to people who don't fully understand the long-term goals of your business.

2. Documenting Policies and Procedure more efficiently

This is the apex of all GDPR/compliance legislation challenges. The core of the GDPR's purpose is to change the behaviour of organisations in how they use the data they collect, and their proactivity towards information management.

Businesses are held accountable against this legislation by their processes and behaviour. This not only impacts client data, but employee data too - tax file / VAT numbers, contact details, financial details.

Consider:

Expede Information Management questions for reflection

 

3. Awareness of Penalties

Penalties still carry panic. If your board, senior leaders or IT team fear any company-ending penalties - there is now a year of contextual data at hand.

Monitoring the rulings and penalties issued by your national information authority is the most realistic way of managing (or mobilising) levels of fear or concern at your firm. In Australia, this is the Office of the Australian Information Commissioner (OAIC).

The commencement of the GDPR has brought in some interesting initial results.

The last year has seen the first few GDPR violation penalties issued; European watchdogs are classing the first year as a 'warm-up'.

GDPR Penalty for poor information management

In January 2019 Google was fined €50 million by the French Information Commission (CNIL), who ruled "the search giant had offered users inadequate information, spreading it across multiple pages, and had failed to gain valid consent for ads personalisation." (2)

The 'warm-up' sentiment is evident in the number of global, high profile legacy investigations into Uber, Facebook and Equifax which resulted in fines.

 

The Solution

Data reporting obligations can be met much more easily, in the event of a breach or audit, if your data is organised and processes are clear.

Source: Expede Information Management Template

Your business needs a cost-effective maintenance solution to continue to do business globally. This means drilling down through the collection and retention processes you have, and discerning:

  • What data you have to hand
  • The source of the data
  • The storage and handling processes and records of that data

Both local and global businesses have gone to great efforts to comply with the GDPR and similar legislation; the data your business legitimately collects and protects can be legitimately mobilised to benefit you and your clients.

However you achieve and maintain your compliance, whether it's internally or with a contractor - you can go in prepared, and save valuable time and budget.

The Information Management template has the questions to set your firm on track for ongoing compliance, accountability and success.

Download our free Information Management Workshop template to get started:

Download

DISCLAIMER: the above article is an Overview and is not intended to replace legal advice.
Please contact the governing body, the Office of the Australian Commissioner for specific advice on how the NDB relates to your business, or relevant national authority for the GDPR.
 

_______________________________________________________________________________

Sources:

Header Image, Top  Body Content Image: katemangostar via Freepik

(1) European Data Protection Board, "EDPB LIBE report on the implementation of the GDPR", published 26th February 2019

(2) The Register, "French data watchdog dishes out largest GDPR fine yet: Google ordered to hand over €50m", published 21 January 2019

 

Resources:

Further Information on the Notifiable Data Breach Scheme & Responding to a data breach

Office of the Australian Information Commissioner - Statement on Uber Data Breach

Determinations / Rulings  of the OAIC  on Privacy Complaints

Enforceable Undertakings / Penalties issued to organisations by the OAIC

OAIC "Data Breach Preparation and Response Guide"

OAIC Notifiable Data Breach Quarterly (Breach) Statistical Reports
