Whilst the focus of attention has, understandably, been on the eye-watering sanctions that accompany the regulation, few businesses have yet given consideration to what the GDPR actually demands of them, let alone how to move towards compliance in their organisation. It's worth pausing here to state the obvious. Getting GDPR right, and building a new trust with your customers, can yield real opportunity. Getting it wrong will land your business on the wrong side of your customers, shareholders, the regulator and very possibly, the wrong side of the tabloids.
The Journal of Business Ethics describes trustworthiness as a “source of competitive advantage.”
In this document, we set out what needs to be done to address the GDPR requirements. Our recommendations are three-fold: talk to your board; talk to your lawyers; talk to us.
Talk to your Board All real change starts in the boardroom. Personal sponsorship from the 'top table' will be vital to driving the changes you’ll need to implement. Also, the regulation includes a new ‘accountability principle’ which requires you to demonstrate that you comply with the principles and states explicitly that this is your responsibility. Governance is a feature of the GDPR expectations. It's worth reflecting that amongst the numerous punishments the Information Commissioner’s Office can issue, the Regulator can impose fines of up to 4% of your annual global turnover.
To help frame the board discussion, we have devised a GDPR Readiness Executive Self-Assessment Tool, which you’ll find over the page.
3.
Project One
Made with FlippingBook - Online Brochure Maker