In our previous blog, we described the basic principles of GDPR. In this post, we will be discussing why your organization should care about GDPR and GDPR implementation.
The GDPR has caused quite a stir since its entry into force in 2018, but you may be wondering why the GDPR should still be on the corporate agenda. Here are six reasons why the GDPR is relevant for your company.
Leveling the playing field leads to more business opportunities
By establishing a harmonized framework for the protection of personal data, the GDPR ensures that all businesses in the internal market follow the same rules. As such, they can benefit from the same opportunities, regardless of where they are established and where the processing takes place. This means that if your company gets GDPR right, it can enter new markets on the same conditions as local companies, leading to more business opportunities. Data has been touted as ‘the new oil’ over recent years, so having the possibility to mine for it anywhere in the EU presents a distinct advantage.
Impact on company value
Whether you like it or not, not complying with the GDPR will influence how your company is valued. This could be during a due diligence process, where GDPR compliance will be vetted and could affect the selling price, or when your company is looking to offer shares to the public in a new stock issuance. GDPR compliance is often on shareholder agendas, so getting a compliance project on the road ahead of a stock issuance could save you significant issues down the line.
Mapping data flows leads to identifying quick wins
The GDPR requires that you get a clear view of how your company collects personal data and how that data is used. Doing this exercise will almost inevitably lead to the conclusion that your company holds more data than you expect; yes, even if you don’t consider your company to be a participant in the digital economy. It allows you to re-evaluate your business processes and to identify quick wins that can streamline your daily business, e.g. using Microsoft PowerApps for audit logging and deleting inactive users.
GDPR implementation fosters collaboration between business units
As mentioned above, the GDPR requires that companies get a clear view of data flows within the company, which will show that personal data naturally flows from one department to another. If you are interested in introducing a more agile way of working, the GDPR implementation can be an excellent business case, as it works best when the classic divisions between departments are abandoned. This way, the GDPR invites you to be innovative with your corporate structure.
Cybersecurity as a marketing tool
The GDPR doesn’t only focus on the obligations companies have towards data subjects. It has also considerably upped the ante on what we consider to be the standard for cybersecurity. While you could consider investing in cybersecurity a big cost to bear, it is also an excellent marketing tool. Consumers and customers alike are looking for providers they can trust. Complying with the GDPR’s cybersecurity requirements is an excellent way of attracting those consumers and customers.
Fines if you don’t
Last but not least, a negative motivator for GDPR compliance is the fines you could receive. For the severe violations listed in Art. 83(5) GDPR, which include processing data without a legal basis, the fine can be up to 20 million euros or, in the case of an undertaking, up to 4% of its total global turnover of the preceding fiscal year, whichever is higher. But even the catalog of less severe violations in Art. 83(4) GDPR, such as not respecting the tasks that should be assigned to a data protection officer, sets forth administrative fines of up to 10 million euros or, in the case of an undertaking, up to 2% of its total global turnover of the preceding fiscal year, whichever is higher.