Compliance with the EU General Data Protection Regulation (GDPR) covers much more than the “bylaws” in the context of legal matters. Technology, processes, strategies, and marketing aspects must also be built into the picture. The downsides for organizations that fail to meet GDPR requirements are all the risks associated with non- or partial compliance as well as the extraordinary cost and damage to the organization’s brand.
Prediction 8 of Forrester’s “Predictions 2018” foresees that organizations are weighing the potential benefits of full or partial GDPR compliance. The report predicts that:
• 80% of firms affected by the GDPR will not comply with the regulation by May 2018
• Of those, 50% will intentionally not comply—meaning they will have weighed the costs and risks and taken a path that presents the best position for their firms
• The remaining 50% will try, but fail, to comply.
Forrester states that: “This will be a fluid environment; any successful case against a well-known giant will change the risk/cost balance.” It is at this point that the calculations start showing up on executive boards’ agendas—and said boards plan accordingly—with a view to ensuring the best position for their firms.
Forrester concludes that: “The sleeper issue of 2018 will not be compliance but how consumer advocate groups use the GDPR to prosecute their agendas by using the regulation’s ‘right to be forgotten’ clause—exhausting companies’ resources and damaging their brands.” What this means remains to be seen—but, if the prediction is correct, firms should focus on how to meet the expected surge in demand for personal data protection, correction and deletion upon request, and on ensuring that these demands are met by all. Naturally, certain legal and financial “bylaws” supersede the rights of data subjects.
In the same report, Forrester states that: “Companies face increasing cyberthreats from hackers who seek to commit cyberwarfare or industrial sabotage. There is no rest for the weary: The same security, risk, and privacy teams battling hackers encounter internal pushback that security measures negatively affect customer experiences.” This prediction may not be taken into account by those organizations that have calculated and weighed the costs and risks and are taking a path that presents the best position for their firms; it is far from certain whether the cost will fall within their calculations or exceed maximum limits and lead to bankruptcy. Forrester asks: “But what if security investments directly enhance customer experiences and drive growth?” Can this be the solution for those organizations that may unintentionally be failing to meet the GDPR in time; would these companies decide to make an investment that guarantees a ROI in addition to helping them along the path to compliance?
Forrester’s view is that, in 2018, we will start seeing security-for-profit measures driven by security, risk, and privacy teams with the support of their marketing and product peers. Identity management is, reportedly, central to this. This means that: “Security and privacy teams need to know exactly who is accessing what and resolve identities across entry points.” Forrester also predicts that: “marketing can use that same capability in the martech stack for personalization—transforming a security mandate into a CX enhancement.” A martech stack can, in this case, comprise several different technologies from a number of companies that, combined, meet compliance requirements. It can also be viewed another way: “a Cybertech stack,” where organizations make use of different technologies from several companies that together help them become GDPR compliant.
Forrester concludes that: “10% of firms will crack this code and gain new and powerful investment leverage.” This means that 10% of firms will translate security investments into company profits, with one interpretation being that having many companies’ services and support can be a strength for every organization. The service provider with the broadest and strongest market partnership within cybersecurity is best positioned to help organizations—and Capgemini is one such provider. Examples of technologies we provide that simplify any organization’s approach to the GDPR are, in terms of key concepts: consent management, data discovery and erasure techniques, processing limitations, protection of minors, right to data portability, compliance management, and the right to be forgotten, to mention a few. We also offer help with: processing record management, control and monitoring, technology and organizational measures, privacy by design, cross-border processing, data breach notification, and privacy impact assessment, among others. The best way forward is to embrace the help and capabilities that are available to help you realize the journey toward GDPR compliance.