With UK businesses needing to comply with the European Union’s (EU’s) General Data Protection Regulation (GDPR) by 25 May 2018 (when enforcement begins), should businesses see it as more of an opportunity to get their data protection house in order and find new competitive advantages for the future?
Who / What Does GDPR Apply To?
The General Data Protection Regulation (GDPR) will apply to all UK (and worldwide) companies that store, process and use the data of EU citizens. The UK was very involved in the drafting of the regulation, which was designed to make companies take the issue of data protection more seriously and to strengthen the rights that EU citizens have over their data.
What About Brexit?
GDPR will still come into force long before Brexit matters are concluded, and since it applies to companies that deal with the data of EU citizens, it (or something very similar) will apply after Brexit. UK Information Commissioner Elizabeth Denham has said that she supports the UK adopting the EU regulation even post-Brexit because, if the UK is to continue doing business with Europe, British businesses will need to share information and provide services for EU customers. It should (according to Ms Denham) therefore follow that UK data protection law should be equivalent.
Up until now, the introduction of GDPR has made many businesses view it as more of a threat than an opportunity because:
Security commentators have pointed out that larger companies and those which store and use large amounts of data, e.g. companies in the finance, health and retail sectors, are most likely to have started early (out of perceived necessity) in planning for GDPR. It is likely that companies that have been more proactive and have started early in their preparations, and/or have focused on privacy before, and have a framework in place that defines roles and responsibilities, will have an advantage when GDPR comes into force.
Some security experts have highlighted the fact that preparing for, and focusing on compliance with, GDPR could, in fact, be an opportunity because:
What Does This Mean For Your Business?
Not only is compliance with GDPR (or its very similar successor) necessary, but it could actually make sound commercial sense by providing competitive advantages (because data security is valued by customers), and could have knock-on effects on the cyber resilience of companies.
Companies that have been proactive and moved quickly on this issue could, therefore, be the ones most likely to minimise the threat of penalties (the legal profession is already geared up to respond to customer complaints), and gain advantages in the marketplace.