Can you turn GDPR Compliance into an opportunity?

Facebook has had a tough year. In April, Mark Zuckerberg was hauled before the US Congress to explain Facebook’s failings in handling a massive data breach by Cambridge Analytica. Last week, the social media giant’s value dropped a staggering $120 billion (£91.5 billion) within two days, following a disappointing quarterly financial report.

Moreover, the Information Commissioner’s Office (ICO) will fine the company £500,000 for its part in the Cambridge Analytica scandal. While this is a drop in the ocean for Facebook, the penalty is the maximum amount the ICO is allowed to hand down. But many believe the ICO is sending a message to firms that data breaches are being taken seriously – a warning that now has more teeth after the introduction of the GDPR.

Data breaches in a post-GDPR world

Under the GDPR, Facebook could have had to pay up to four per cent of global turnover for the Cambridge Analytica mishap. Taking Facebook’s more than $40 billion revenues in 2017 as a starting point, the organisation could have been liable for a fine of over $1.6 billion today.

Facebook is a great example because it shows the wider impact that data breaches have on big-name brands, including reputational damage, and the GDPR is likely to compound these issues.

But should the GDPR be seen as just a compliance headache? Or are there business opportunities for organisations that take the right approach? Effective GDPR compliance could provide a competitive advantage that sets firms apart from their rivals.

1. Better data management

Figures from Veritas Technologies showed 85 per cent of organisational data is either ‘dark’ or redundant, obsolete or trivial (ROT). Dark data means the information has been collected and processed but its current value to the business is unknown. Meanwhile, 40 per cent of stored data hasn’t been accessed in three or more years, according to the Data Genomics Index.

GDPR compliance requires a data audit, forcing many businesses to examine exactly how, where and why information is being used. Organisations can therefore remove ROT data, which Veritas claims is approximately one-third of all information, and streamline their storage and management. Why hold on to useless data that poses significant risk and minimal value to the business?

2. Upgrade technology and integrate systems

Many organisations are struggling with legacy IT systems that are years or even decades old. Customer data may be spread across multiple, disparate platforms with little to no integration or wider use. Cyber security across these different technologies is also likely to be inconsistent, with some areas far easier to breach than others.

Under the regulation, businesses must identify a security strategy and ensure administrative measures are in place to protect data. IT departments may have been pestering the C-Suite for systems and security upgrades for years, but the penalties attached to the GDPR could give boards an added incentive to address any shortcomings sooner rather than later.

3. Build trust with consumers

Putting the consumer at the heart of GDPR compliance should build trust at a time when major data breaches have become weekly news. Yahoo, Equifax, eBay and JP Morgan Chase are just some of the household names that have fallen victim to hackers, exposing billions of people’s personal information.

A recent Evry whitepaper showed 79 per cent of UK consumers are worried about the lack of control they have over the information they provide online. Meanwhile, PwC found the two most popular ways people reduce data security risks are by only using credible websites (63 per cent) and choosing retailers that can be trusted with payments (55 per cent).

Rather than be dragged kicking and screaming into GDPR compliance, businesses could build a loyal customer base by being proactive, transparent and enthusiastic about data protection.

4. Deliver marketing ROI

GDPR compliance will come at a cost, particularly for organisations that recruit new staff and implement system upgrades to better manage data. These measures will not only reduce risk but could also offer a return on investment if marketers can leverage more insights from their data.

If the Veritas figures are to be believed, businesses are only effectively using 15 per cent of the information they possess. The accuracy of marketing analytics will increase as data management processes improve, enabling firms to offer customers better targeted and more personalised campaigns.

Is your organisation GDPR-ready?

We are now more than two months beyond the GDPR’s implementation date, but complying with the regulation is an ongoing process and research suggests not all businesses were ready for the deadline.

Compliance should be seen as an opportunity rather than an obligation. As consumer trust becomes a key issue in today’s increasingly data breach-ridden world, organisations can gain a competitive advantage by using the GDPR to position themselves as champions of privacy and security.

But do you have the resources in place to take advantage? If you’d like to discuss your corporate governance recruitment needs both now and in the future, please contact us on 020 7936 2601 or email me directly at
