GDPR: This could get expensive

0

Privacy continues to be an emotive issue and with the General Data Protection Regulation (GDPR) just around the corner, we have been examining some of the broader implications for companies that store personal data of European customers and/or employees.

In a recent study on the status of the implementation of the new EU Data Protection Code (GDPR), Dell found that more than 80 percent of global respondents knew little or nothing about GDPR. Fewer than one in three companies felt they were currently prepared for GDPR. A massive 97 percent did not have a plan to prepare for it and only nine percent of IT and business professionals are confident they will be fully ready. Those are worrying statistics.

I have had the opportunity to find out more about GDPR preparedness for myself. I have been one of almost 160 participants in SAS events in DACH on this issue, under the heading "This could get expensive". It was clear that the Dell study reflects the DACH market.

Three facts in particular surprised me

Large companies are still looking for information

Most companies, including some of the largest ones, are still in the reconnaissance and analysis phase. The extent of projects to be implemented is not yet clear. Only a few companies already have implementation plans. The lecture by Arnd Böken, lawyer with GW Graf von Westfalen and an expert member of the Bitkom work group on data protection, started a lively discussion. It was clear that many of the core issues for GDPR, such as accountability, increased penalties, or the information rights of citizens, have not yet been fully understood. This is particularly true for their impact on data management and other processes. Mr. Böken was still being asked far-reaching questions by participants long after the end of his session.

GDPR is not being seen strategically

Many of the participating companies are currently engaged in digitization strategies. Since digitization is very much a matter of using and monetarizing increasing amounts of data, much of it personal, I was very surprised that no company is seeing the data protection agenda as an opportunity to achieve competitive advantage. I think this has great potential: if my customers trust me to handle their data, they are more likely to let me use more of it, especially if they see that giving them a benefit.

GDPR is not yet a board-level issue

To my surprise, many participants felt that GDPR was not yet a board priority; indeed, many boards have not yet taken any interest in it. The connection between GDPR and digitization issues such as Big Data Analytics or even regulatory projects such as BCBS239 or IFRS9 has not (yet) been realized or addressed.

My impression of the events is reflected by these few quotations

 

 

 

 

 

 

 

 

 

 

 

It should be clear from these quotations that without urgent action, GDPR is going to become a serious problem for perhaps the majority of companies. This could indeed get quite expensive.

This post has originally been published on Mehr Wissen blog in German with a headline DSGVO: Digitalisierungs-Killer oder Wettbewerbsvorteil?
Tags
Share

About Author

Andreas Gödde

Director Customer Advisory DACH

Andreas Gödde leads the Customer Advisory organization for Business Analytics for SAS in Germany, Austria and Switzerland. He specialises in strategies on big data analytics, digitalization and the Internet of Things, with a focus on helping organizations to get insights from data to support better business decisions. Andreas advises customers on how to develop data-driven organisations through step-wise change management covering technology, people and processes, using ‘design thinking’ and ‘fail fast’ approaches.

Leave A Reply

Back to Top