The GDPR will become a reality on 25 May 2018, but do you really know what it will mean for your business?
We are beginning to get a clearer picture of what the Regulators will expect from a compliance point of view but modelling how that will impact current commercial arrangements is also vital for long term forecasting.
Conducting a GDPR Impact Assessment helps to discover the organisation’s readiness – identifying and prioritising specific data issues and the risks involved for the organisation, so that they may be tackled in a logical and effective manner.
This involves working with people within the organisation, with partner organisations and with the departments affected to identify compliance risks and revenue impacts. By defining risks for the organisation from the Regulation an action plan can be developed with priorities to future-proof processing and protect revenue.
Current commercial models may be challenged by GDPR requirements, opening the business to increased costs and potential liability in the future. These could include:
• Consent is difficult to obtain and a significant proportion of previously collected data may be unusable
• The “balance of interests” may be an alternative to justify processing but is subject to interpretation by the ICO and other European Regulators
• Prospect data may increase in price and significantly reduce in availability
• There could be additional costs to the business in ensuring data governance, fulfilling customer rights, record keeping and system development to evidence compliance
• The use of profiling will be restricted
The GDPR will change the game for all Controllers when it comes to customer acquisition and marketing efficiency. Mitigating actions to protect metrics like Cost per Acquisition and Return on Investment need to be planned now.