Data protection, like all compliance, can be viewed as a bit of a pain. At first sight it does not seem to be a positive aspect of business life, it takes time and resource and has penalties if you get it wrong. The upside is not always immediately clear. Compliance is not a profit centre, it is a cost.
But, is that view true? Is there really no value added through data protection compliance?
As we have worked with clients over the past 12 months, we have seen different approaches from those clients. Most of them have been very positive. GDPR has been seen as an opportunity to gain customer trust. Getting to grips with GDPR and making changes to websites, promotional material and responses to ITTs has focused other clients on the potential to differentiate their business from competitors. Other clients have said that GDPR provides an opportunity to have a good clear out of archived records and bad habits!
Gaining customer trust
The Information Commissioner’s Office undertakes regular surveys into consumer trust and confidence in how organisations handle personal data. The results published in September 2018 showed that trust and confidence is still low with only 34% of those who responded trusting organisations that store and use their personal information. However this is an increase over the 2017 results when only one in five people (21%) expressed trust and confidence. The ICO reports that, by sector, the least trusted are social media companies.
Many clients approach us for wording to include in tender responses in response to questions about data protection compliance. These statements must reflect what actually happens at the client, how they manage data protection. There are some key comfort messages that can be highlighted. It provides an opportunity to demonstrate knowledge of data protection and how it impacts on business activities. Organisations can take the opportunity to describe the control framework employed to manage compliance: roles and responsibilities; policies and procedures; training; review; and improvement.
It is worth bearing in mind that your prospective client knows a lot less about data protection than you do or that he is equally terrified of GDPR (I think most of us were terrified earlier this year!). Key messages can help to differentiate your business from competitive tender responses.
The big clear out
Lots of clients have commented that GDPR gives them the opportunity to really clear out old files and set themselves up for a more compliant future. It is a fact that the less personal data you hold the easier it is to comply with data protection law, so good housekeeping makes compliance easier, a winning approach.