GDPR is not just an expensive compliance project – make sure to address the benefits too!
The General Data Protection Regulation (GDPR) is looming closer and many organizations have reluctantly initiated their GAP-assessment and change initiatives. The requirements of the legislation are extensive, complex and challenging to overcome. Because the legislation is seen as a ’compliance’ project, the interest in GDPR is low and related cost treated as sunk cost, very much like an insurance you probably won´t need. But there are at least four benefits to your organization when addressing the GDPR requirements, that you could (and should?) benefit from.
1. Enable your digitalization strategy
The GDPR legislation requires organizations to map data related to an individual (internal or external) and how it is applied across the organization. This piece of information sets the very foundation of any digitalization (or IT) strategy. After all, digitalization is about processing data and making it available to users. Therefore, you should enable your digital (or IT) strategy by looking at the personal data assessment initiative as a first step to structure, map and assess information flows across the organization. Once data regarding the individual is done (as per GDPR requirements), continue to other areas relevant to your organization. The result will be a great help in setting the direction of your digitalization strategy and assessing and prioritizing your future IT initiative or identifying obsolete systems or applications. How could GDPR support your digitalization agenda?
2. Strengthen you IT and information security
Many IT organizations struggle to find support and funds to invest in information and IT security. The perception, subject to type of industry, may be that it adds very little business or competitive advantage. Do you recognice the situation? However, recent intrusions like WannaCry demonstrate how a cyberattack can hold an entire company to ransom. These events together with the GDPR requirements should provide IT organizations with the ammo they need to motivate security improvements and protection of business critical information or other intellectual property. After all, it is about to ensure a secure and reliable handling of one the most precious assets a company has: information. Use the opportunity to add other IT security initiatives that may not be GDPR related, but sound for the organization as a whole.
3. Embed new behaviour
The GDPR project will bring changes across an entire organization - ways of working, IT functionality and training are some of the areas that will need to be addressed. Knowledge sharing through training will be required for many of your employees, why not use this opportunity to bring another or related message across? Along with the GDPR communications, other changes in behaviour could be included and addressed at the same time. This additional change could be function specific or an organization-wide initiative. The synergies could be substantial and add value to the GDPR transition, changing it from something compulsory to something stimulating and fun. What could this be in your company?
4. Strengthen your Brand
The real impact of GDPR is yet to be determined. Although the individual’s influence on an organization can be big, to say at least (read this for possible challenges facing you), it is yet unknown what will happen after May 25, 2018. Many organizations will probably try to fly under the radar to hide their failure to comply with the GDPR requirements. Why not use this as an opportunity to shine? What if your organization prioritised the regulation and respected the use of data related to its employees and customers, then used it in marketing efforts? Imagine if your organization marketed “We respect you as an individual, we are fully compliant to GDPR! Try us!” What effect would that have on you as an organization and what would it say about your competitors (who may not be compliant)? Obviously, this depends on your particular industry, but it could be an interesting marketing strategy for any company to apply. Who would like to have the ’First Mover’ advantage?
Ascend knows GDPR and how to drive change and transformation. Our consultants have already successfully assessed and implemented changes related to GDPR across several organizations. We know it takes the right combination of legal knowledge, project management skills, value realization capabilities and innovation, as well as people management skills to successfully help our clients prepare for tomorrow´s legislation. Learn more about Ascend here.
Don’t hesitate to reach out to us to discuss ideas on how to make your change journey a bit less challenging than it already is.
Learn more about Ascend here.