The GDPR: It’s time to take stock
James Allen, group operations director at Airswift
The General Data Protection Regulation has caused quite a stir. In the run up to the May 2018 deadline, it became so ubiquitous that there can’t be many people, certainly in the EU, who didn’t at least hear about it. For all the fanfare, debate and uncertainty, the GDPR has already proved to be a valuable lesson in preparation, communications and global collaboration.
Any new mandate will create a certain amount of burden. However, the GDPR is a positive step forward because it reinforces and amplifies the values that businesses already thrive on – openness and transparency. At Airswift, we realised that instead of it becoming a rethink of our entire approach, it was an opportunity to refine processes and ensure they matched our ethos.
Like most endeavours, the key was ample preparation – and it started with a fresh look at our data. Where was it held? How old was it? Was it still relevant? What became clear very quickly was how easy it is to hold on to information. If you’re not telling the business to delete data, you’ll eventually amass large volumes that could be more cumbersome than useful. A huge advantage for us is that having spent time reviewing, cleansing and centralising our data, it is now more relevant, useful and accessible for us to call upon in future.
Communication was also critical. Regulations can be difficult to interpret, so we ensured teams across the entire organisation in multiple regions had the training and support they needed. We wanted to get people talking and thinking about it, so they understood its importance and were able to contribute. That communication extended to our clients and contractors, explaining how it affected them and what we were doing to ensure a smooth implementation.
This was a global project. And that was a vital point for us. While the GDPR is specific to the EU, it is the most comprehensive piece of data legislation to date. To contain it as a siloed project would be missing a big opportunity. We wanted to implement this globally to raise the bar across the entire organisation.
As we enter a post-GDPR world, there are still some big opportunities for our clients to explore. The first is the supply chain. The GDPR includes rules for how data is shared with third parties – and a company’s supply chain and contractor structures need to include the right tools to be able to implement those measures.
Proactivity is also crucial and, if they haven’t already, companies should reach out to their networks. They need to review data clauses in contracts and be confident that the right systems and processes are in place. However, this isn’t the time to impose overly onerous obligations on suppliers. This needs to be a collaborative process, where companies support each other and work towards the common goal.
As the dust settles, it remains to be seen how thorough businesses across the EU have been in implementing the GDPR. Certainly, there is always more work that can be done to improve data management. However, if businesses get this right now, not just in the EU but globally, they can set the benchmark for other mandates to follow – and they will have already done the hard work!
Photo courtesy of Shutterstock.com