It’s time to stop thinking of GDPR as a bad thing.
Firms could gain competitive advantage by developing their cybersecurity and information systems around the requirements of GDPR, according to insurance and risk management firm Marsh.
Implementation of GDPR is less than a year away (25 May 2018). It will set the standard for data protection globally and introduce new rights for users so that they have better control over how their personal data is used.
For organisations, it will mean establishing clear procedures around consent and having a legal basis for gathering data, especially in the digital world.
Failure to comply could lead to fines of up to €20m, or 4pc of turnover. Some organisations will have to employ data protection officers.
Ireland’s Data Protection Commissioner, Helen Dixon, has described the new laws as a game-changer in how businesses and people will view personal data.
Not a threat, but an opportunity
So far, GDPR has been portrayed as a threat to firms, bringing with it stringent, onerous requirements.
But, according to Peter Johnson, cyber-risk leader at Marsh UK and Ireland, it should be seen differently.
“Rather than regarding compliance with the GDPR to be a costly and disruptive undertaking, Irish firms should see it as an opportunity,” Johnson said.
“These organisations can improve how they safeguard personal information, boost their understanding of how data can add value to their business, and forge a new relationship with clients based on enhanced transparency and security that can further build trust.”
The company has just published a new report – Data is an asset: It deserves protection; it offers opportunity – that highlights how forward-thinking firms can leverage the GDPR framework to improve their information management and cybersecurity systems.
It also suggests how firms can strengthen their organisational risk culture and reduce data protection costs while enriching their value proposition to customers.
In preparation for the most significant change to the EU’s data protection laws in more than 20 years, firms need to review their procedures for managing personal data.
Marsh recommends that firms re-examine their current insurance arrangements to ensure that any applicable indemnity limits will cover the costs associated with investigations and breaches under the GDPR.
Charles Barry, regional leader at Marsh Ireland, said: “The GDPR will go a long way towards helping Irish firms repair the breakdown in trust with their clients in terms of how personal data is used, enabling proactive businesses to take greater advantage of the data-driven economy.”