GDPR: How to Make it a Competitive Advantage

Under the shadow of GDPR, it’s easy to understand why companies are concerned about a regulation with the potential to have such a profound impact on their business.

The GDPR represents a huge shift in the way businesses will be expected to handle data, and non-compliance with the regulation can potentially incur fines of up to 4% of global turnover. In meeting the requirements of GDPR, organizations will be expected to overcome several unique obstacles: getting to grips with completely overhauled data subject rights; hiring a suitable Data Protection Officer (DPO) despite a perceived skills shortage in this area; and creating and maintaining detailed internal records of data protection activities.

But for all of the challenges of GDPR there are opportunities in equal measure. A company can actually derive competitive advantage from the regulation if preparation is approached in the right way.

But this fact isn’t universally recognized yet. Research from IDC demonstrates that across the board there is roughly a 50:50 split between companies that see GDPR as an opportunity and those regarding it as an obstacle. This split is more dramatic in less regulated industries, in which businesses are far less likely to recognize the potential advantages associated with GDPR. For instance, 80% of organizations in the manufacturing sector believe GDPR is an obstacle because they are less experienced with processes around data regulation and compliance.

In terms of the GDPR benefits, perspective is the only factor preventing compliance from being an opportunity in itself. Think about it this way: Once the regulation comes into effect next year, businesses from all industries will only be interested in doing business with other organizations that can demonstrate effective control over their data, because even third-party non-compliance can leave a company liable to penalties.

Considering this, an organization that can demonstrate GDPR compliance and effective control over its data will be at an advantage to competitors that can’t make the same claims. Compliance with the GDPR will soon become a point of differentiation, and the sooner businesses are compliant, the sooner they will begin to reap the rewards of standing out from the competition.

Approaching GDPR solely from a compliance perspective would waste an opportunity for businesses to take control of their most valuable asset and the primary source of their wealth, an asset that curiously rarely ever figures on a company’s balance sheet: data. The GDPR represents an unparalleled opportunity for businesses to take stock of its data, to identify what’s important and what’s just filling storage space. Not only will this help companies leverage their data more effectively, it will also provide a basis for re-architecting data governance in a structure more consistent with industry best practices. This motivation should come from a desire to operate more efficiently, to reduce the costs associated with data storage, or even to create competitive advantage by processing customer data more effectively.

But these opportunities are not a given consequence of the GDPR. Each company is responsible for creating their own competitive advantage, and the level of benefit a business derives from the GDPR will fundamentally come down to how they are approaching the regulation.

This brings us back to the question of how companies currently perceive it. IDC research shows that those businesses that view the GDPR as an obstacle tend to have a far lower level of interest in preparing for compliance, which means they are more likely to be at a basic stage of preparation. This “obstacler” attitude is reflected in 60% of businesses that are still not fully aware of the regulation’s requirements and how they will be expected to adapt.

On the other hand, opportunists are shown to be far more proactive in their preparations. They tend to have a more detailed understanding of the GDPR requirements, which enables them to focus. For instance, healthcare and business services, including legal businesses, have already gotten to grips with their information and are focusing on deleting irrelevant data and handling consent.

Going forward, it’s clear that the GDPR will have a dramatic effect on the way organizations handle their data. While it may seem like a daunting task, businesses can establish competitive advantage through rigorous and effective preparation. The first step to establishing such an edge is not necessarily hiring a DPO or taking stock of your data, but recognizing how your company views it. Identifying this will provide useful perspective, which will enable you to define your starting point and begin to plan how to get the most out of the regulations.

So, are you an “obstacle” or an opportunist?

Nader Henein is a Fellow of Information Privacy and the Regional Director for BlackBerry’s Cybersecurity Consulting practice.