Turning GDPR into an opportunity
The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018, changing the European privacy landscape. For organizations, this means a number of changes. We outline some major points from our experience that can help organizations get the most from these changes.
Privacy under the GDPR is no longer a tick-the-box compliance topic but rather offers a vast space within which organizations are free to determine their own approach.
Within the lines of this playing field, which is defined by the law and such notions as accountability, transparency and justification, organizations can choose either an offensive or a defensive strategy:
- For organizations with a high risk tolerance, a more adventurous use of personal data or a more opportunistic mindset (without crossing the lines of the law, of course!) will be suitable.
- Alternatively, a more defensive approach is possible. It would suit the type of organizations that are more risk-averse, cautious with their reputation or unsure about their personal data utilization potential.
Either of the two extremes is possible, as well as all variations in between. The GDPR does not tell you which strategy to follow; it sets out the lines on the playing field and provides the rules of the game. Privacy can be a business enabler if organizations manage to balance risk and opportunity.
Based on our extensive experience with GDPR from supporting large Danish and global companies, we take a risk-based approach in advising which compliance areas should be in focus.
Here are key changes compared to the 1995 Directive (95/46/EC):
In our experience, by following the principles outlined here, you can increase your potential by getting the most value from processing personal data while minimizing the risk.
- Proper (meta) data management is essential to comply with GDPR
- Using GDPR compliance to build trust with clients and safeguard personal data
- Make GDPR compliance your top priority for the coming months.
Deloitte Privacy Services is dedicated to helping organizations identify and manage the risks and opportunities associated with personal data, navigate privacy risk and stay within the rules of the game, while allowing privacy to be a business enabler and using personal data to increase customer trust.