GDPR: What is GDPR and why is it good for business?
GDPR is the biggest change to data protection this century. MVF general counsel Tom Worner has advice to alleviate your GDPR concerns...
If the press and plethora of data protection experts are to be believed, the world is coming to an end on 25 May 2018, when the the long-awaited GDPR (General Data Protection Regulation) comes into force.
Much of the commentary has focused on the negative, with plenty of (sometimes inaccurate) doom-mongering such as: a Data Protection Officer is needed in every business, no more data transfers outside the EU, massive fines, the death of direct marketing!
What is true is that the GDPR represents the biggest data protection shake-up in 20 years. It will replace the Data Protection Act 1998, and affect the way your business collects and uses personal data.
GDPR will impact not only UK businesses, but also businesses based outside the EU that target individuals within the EU.
It would also seem true that many businesses are burying their heads in the sand about the GDPR, probably in part due to an overload of information – most of it fairly scary.
Research last month from the Institute of Directors revealed that 30% of company directors have not heard of the GDPR, and 40% don’t know if it will affect them. Similarly, a separate study by YouGov in July 2017 found that only 6% of a pool of more than 1,800 small business owners felt they had a good understanding of GDPR.
If you’re one of these 94% of founders who don’t know what GDPR means for your business or how it will impact – and benefit – your business, then read on…
What is GDPR?
In a nutshell, the GDPR is a new data protection law, coming into force on 25 May 2018, which applies to all businesses operating within the EU.
GDPR will also apply to all businesses that are not in the EU but offer products or services to individuals within the EU.
As mentioned above, it will replace the Data Protection Act of 1998.
What does GDPR compliance mean for businesses?
In many respects, the GDPR is simply the evolution of the existing Data Protection Act 1998, which was designed and implemented in a very different period, when the collection, use and sharing of personal data wasn’t on the scale seen today.
One of the drivers behind the regulation is to bring the law up to date to address modern data practices and risks.
GDPR includes some key changes for businesses and these are:
- Broader definition of “personal data”, which could include IP addresses.
- Requirement to demonstrate compliance, for example, by documenting processing activities, and where applicable, using privacy impact assessments.
- Higher standard for obtaining consent.
- New or enhanced rights for individuals, including the right to withdraw consent, and the right to be forgotten.
- Tougher notification regime for data breaches.
- Requirement to provide more information to data subjects, for example, storage periods.
What will happen if a business fails to comply with the GDPR?
It is well-publicised that the potential fines of breaching the GDPR are increasing to €20m or 4% of annual worldwide turnover,whichever is higher.
But, repercussions aside, GDPR could actually present positives and opportunities for businesses, of all sizes…
How can GDPR benefit businesses?
The GDPR will bring about a number of benefits to businesses including:
- Increased consumer confidence
- New business opportunities
- Consistent data protection regulations across the EU
- A platform for innovation
Each of these benefits is explored in more detail below:
Increased consumer confidence
Consumers are becoming a lot more savvy when it comes to their rights, and are increasingly conscious of where they share their data, and with whom.
Businesses that can demonstrate a transparent approach to the collection and use of personal data are going to stand a far better chance of winning consumer trust and confidence under the new regime.
For businesses that collect personal data for marketing purposes or to drive sales, the GDPR should create a funnel of higher quality leads.
With the standard for obtaining consent rising across the board, companies should be marketing to informed individuals, who understand the specific purposes for which their data has been collected.
New business opportunities
Similarly, businesses that give people control over their data, and are quick to recognise and respect people’s rights under the GDPR, will be in a much stronger position to win new business.
Businesses that share personal data with other organisations are going to come under greater scrutiny from those third parties (perhaps their clients) who will want clear assurances that the data has been lawfully and appropriately collected.
This will be the case particularly where indirect consent is being obtained. Organisations that can show robust data policies and processes, and a strong understanding of the new regulation, are far more likely to win and retain clients.
Consistent data protection regulations across the EU
At least in theory, the GDPR should bring some harmonisation and consistency across the EU, with every member state enacting the same law.
In reality, countries will still be able to implement local legislation in certain areas, but a more uniform legal landscape should appear.
At a more macro level, having some harmonisation in place around the protection of personal data should increase consumer trust in the digital economy, and present new opportunities for business growth.
Platform for innovation
Any major industry change provides entrepreneurial thinkers with opportunities to adapt and innovate.
Businesses that invest the time now to learn about the new regulation and its implications are more likely to be ahead of the pack come May 2018.
Whether it’s simply taking the time prior to the legislation coming into effect to test how the changes will impact your data collection and sharing activities, or identify new ways to position your business, organisations that tackle these topics early will have an edge over their competition.
GDPR: Next steps
At MVF, we're extremely excited about the GDPR.
As a customer generation business, we specialise in data collection, and so we’re well-placed to deal with a lot of the uncertainty and risk for our clients.
If you want to know more about the changes to data protection regulations, we’ve created an infographic below with more tips and advice to help you understand GDPR:
[Click on the image to view in full]
MVF is a customer generation company that topped The Sunday Times Tech Track in 2013 and ranked in the top 100 in 2014 and 2017.