SME’s are going to face potential fines for non-compliance post-GDPR. With regards to the EU’s General Data Protection Regulation (GDPR) there are many businesses who are already on the case but some are still lagging behind. This could simply be because of the lack of understanding of the legislation but also there could be the mind set idea that with Brexit it will no longer apply (it will). If you are stuck and not sure what to do, give us a call on our office number 01252 350 690, we are offering a free of charge consultation on GDPR over the telephone.
There has been a lot of media publicity on multimillion-pound fines businesses can face if they do not protect their customer’s data effectively. This in turn has seen a rise in suppliers of products and services advising they can help with compliance.
The focus has been on the dangers of failing to be compliant and not on the tangible business benefits of GDPR compliance. Whilst GDPR does bring larger fines, it can also make your business more efficient, secure, responsive and customer focused.
“Rather than a costly administrative hurdle, GDPR should be seen as an opportunity for small businesses to get their houses in order and create operational efficiencies,” says Jonathan Wood of security company C2 Cyber.
As an example, the regulation requires businesses to know exactly what information they hold on people. With a successful audit of your data, you can improve efficiency surrounding data processing.
“We work with a number of online retailers and one company had a CRM [customer relationship management] database of 30 million customers, five million of whom turned out to be deceased. Having cleaned up its database and introduced processes to keep it up-to-date, not only can the company now ensure it is GDPR compliant, it’s also saving a small fortune in direct marketing costs such as printing, design and communications,” says Wood.
Gareth Lindahl-Wise, director of cyber risk at ITC Secure Networking, says the private equity, legal, insurance and financial firms it primarily works with are also seeing highly significant reductions in the amount of data they need to manage after readying themselves for GDPR.
“In our experience, most organisations can dispose of 30-50% of the data they hold by undergoing ROT analysis: redundant (remove duplicates), obsolete (remove aged records you don’t need to retain), trivial (music libraries and photos). Less data means lower IT costs and lower risks,” he says.
Targeted marketing is more effective
One key requirement of GDPR is that we all must gain specific op-in consent from people to use their data in specific ways.
Sarah Williamson is a partner and GDPR expert at Boyes Tuner who are a specialist technology and innovation law firm, Sarah is saying SME’s have an opportunity to be more focused with their marketing.
All organisations have huge marketing databases at the moment, and no one really knows exactly what they do with that data and why. You might get little value from marketing to thousands of people, but if you can target individuals that genuinely want to hear from you, you’ll probably gain a lot more business,” she says.
Adam Rubach, UK managing director of mobile data platform provider Ogury, agrees. “As onerous as preparation for GDPR may appear on a surface level, correct application of the core principles early should be a net benefit for SMEs. Data collected ethically and with the explicit consent of users, combined with sophisticated targeting, will make adverts more and more like personalised recommendations and less like annoyances to be suffered. Start applying GDPR rules now and expect to see a step-change in the quality of click-throughs from online ads, for example,” says Rubach.
Jane Dixon, senior director for GDPR compliance and consulting services at contextual marketing specialist SmartFocus, says similar. “If GDPR is approached as an opportunity rather than an obstacle for the business, SMEs can become more customer-centric by gaining better insight into customer preferences and trends through exploiting data within the parameters of the regulation,” she says. “Think about how to communicate with key audiences going forward – the channels you use, segmentation, targeting and personalisation of communication.”
But this isn’t just about the fact you can better target your marketing content – working inside the exact consent framework of GDPR it can also allow you to build closer, more trusting relationships with customers. As Rubach notes: “SMEs which are able to clearly and simply explain how data will be put to use will establish greater loyalty between their brand and their customer base.”
Staying safe for less
Another additional benefit in preparing for GDPR is the improvements and savings it brings to IT security management. “The legislation forces all businesses to identify their security strategy, solutions and safeguards, and that can only benefit a business,” says Adam Nash, EMEA sales manager at cloud security specialist Webroot. “With cyber attacks becoming increasingly financially motivated, by reinforcing your security strategy and solutions you will inevitably reduce the likelihood of having to pay what some organisations think of as a ‘cyber tax’ as a result of rising attack numbers. You’ll also reduce the downtime caused by virus outbreaks.”
Frank Krieger, director of compliance at secure cloud provider Iland, claims the security benefits are even more profound – and as an SME itself, Iland has seen those benefits first-hand. “GDPR has been the catalyst that helped propel compliance from a back-office function with oversight into specific domains into a pivotal role that ensures privacy and risk are addressed throughout the organisation. The side-effect has been more verifiable trust with our customers and more transparency in our operations,” he says.
Maybe, in the end, it is this potential to drive fundamental cultural change that makes GDPR such a powerful catalyst for wider business benefits. “GDPR will force a culture change and those that embrace it to its full extent will prosper the most,” says Richard Shreeve, consultancy director at Civica Digital, a software and digital services firm which provides support and GDPR consultancy to both the public and private sector. “Aside from trust and transparency, changing the way an organisation views and manages data can help improve decision-making, customer reach and customer satisfaction. Getting your data in order will lay the foundations for better insight, driving better services around what people want and need, as well as helping to reduce waste.”
And while he says there’s no denying the road to complying with the General Data Protection Regulation is hard, he thinks it’s time to look forward to the benefits the legislation will bring, because it’s these benefits that will give SMEs the crucial competitive differentiation they’ll need to succeed.