Today marks a significant compliance milestone for organizations around the world—after a two-year transition period, the EU General Data Protection Regulation is now effective. So much has been written about this important new personal data privacy law . . . And much of that writing has focused on the obligations imposed by the regulation—for example, how tough it’s going to be for companies to comply, how expensive the compliance efforts have been (and will continue to be), and how organizations with no presence in the EU might unsuspectingly be swept into the law. But some analysts have chosen to focus on the opportunities presented by the GDPR—opportunities to gain trust with customers and clients, and to achieve a competitive advantage. (Here are a few other viewpoints on the opportunities presented by GDPR, from Gartner and Microsoft, and from a contributor at Forbes.) At DiscoverReady, we’re also choosing to view the regulation as an opportunity, not a burden.
From our company’s beginning, our philosophy has been to always look for “better” ways of doing things. “Better” might mean more efficient, less expensive, more secure, more defensible, or less risky. Implementing our GDPR compliance program has provided us an opportunity to re-examine all our policies and procedures and find ways to make them better—better for our clients, and better for the personal data privacy of the individuals whose information we handle every day.
We’ve rolled out a company-wide training program on personal data privacy principles and the GDPR. We’ve updated our contracts with clients and vendors. We’ve modified our security and confidentiality protocols. We’ve adjusted certain standard operating procedures. And we’ve engaged everyone in the organization in our efforts to respect and protect personal data privacy, and that’s been really rewarding work!
But May 25, 2018, is the starting line, not the finish line. As we move forward, our clients and our business partners expect us to maintain our compliance program and keep making it better. (And let’s be real, we probably missed a few things in the ramp-up to May 25 that we’ll need to address in the weeks ahead!) We hope our clients, and our peers in the industry, share our views on the importance of personal data privacy and the opportunities presented by the new GDPR.