GDPR: Achieving Compliance, Earning Trust

Sooji Seo, Global Trade Counsel & Privacy Program Director at Dell Technologies

  • 01.12.2017 10:45 am

As the May 25, 2018, deadline approaches for complying with the European Union’s General Data Protection Regulation (GDPR), much of the focus has been on the weight of the regulatory burden it imposes and the size of the penalties it exacts for failing to comply with the specified data protection principles. But that’s a somewhat narrow view; look beyond it, and you can see that commitment to GDPR compliance may also be a greater differentiator than many may have imagined.

For organisations that begin their approach to GDPR with a well-established privacy program already in effect, compliance may be more a matter of layering GDPR into an existing robust privacy program than of starting from the ground up. Dell and RSA have been engaged in just such an effort, and while we’re doing this with the immediate goal of GDPR compliance, of course, we also recognise that there’s ultimately an even larger payoff.

Organisations that meet the requirements of GDPR demonstrate to regulators and to the world at large that they’re to be trusted. For customers, prospects, employees and others who do business with these organisations, compliance with GDPR says “you can absolutely trust us to protect your personal data.” An organisation that is committed to GDPR compliance assures those with whom it does business that it has appropriate privacy and security practices in place to keep personal data safe, whether from a breach perpetrated via cyber-attack or from inadvertently being exposed by a third party who processes personal data on behalf of an organisation. It’s impossible to overstate the importance of this trust. If you’re looking to do business with a company, you want that assurance that they’re trustworthy. Do they take GDPR compliance seriously? How far along are they in their GDPR compliance journey? Can you be confident in their ability to protect your personal data—not to mention the personal data of your customers, employees and others who entrust you with their personal data?

To that end, you must be prepared to demonstrate that your organisation is deserving of trust—that it’s far enough along the GDPR compliance journey to merit the highest level of trust. As you work toward that, you’ll want to:

  • Identify areas of greatest risk and thoughtfully plan how to address them. Know what personal data you have access to, where you’re collecting it, and how it flows in and out of the organisation and is processed by any third parties.
  • Determine whether the privacy and security controls, processes and data governance you have in place are appropriate.
  • Think about how you’re going to demonstrate compliance. RSA’s Archer GDPR solution is a great tool to showcase your GDPR compliance framework.

In summary, achieving GDPR compliance is the first order of business for many organisations between now and May 25. Earning trust is the important larger consequence of the successful effort to comply.
