Daragh O'Brien: 'GDPR an opportunity not a burden for firms'
The new European General Data Protection Regulation (GDPR) comes into force on May 25.
There has been so much coverage on the downsides of not having everything shipshape by the deadline at the end of May that I can scarcely turn on the radio or open a paper without some advert or 'talking head' telling me about the inevitable doomsday fines if I don't get my act together now!
The spectre of fines of 4pc of annual turnover looms over us like Marley's Ghost in some macabre data-centric remake of 'A Christmas Carol'.
But, as with Dickens' tale, it doesn't have to be a gloomy ending. By changing his ways, Scrooge did more than just avoid Marley's chains.
And by embracing the opportunity of GDPR, the European regulation designed to harmonise data privacy laws across Europe and protect the data of its citizens, organisations of all sizes will see benefits.
While everyone is obsessing about the potential for 4pc-of-turnover fines the stark reality is that in most organisations the cost of poor quality data runs to a multiple of that, but is accepted as a cost of doing business.
Writing in the 'Harvard Business Review' in September 2017, industry expert Dr Tom Redman and his colleagues in University College Cork's (UCC) MSc in Business Data, highlighted their research that had found that less than 3pc of data in the organisations they studied met basic data quality standards.
It was either inaccurate, missing required values, or just plain crummy data.
Countless studies have found that the cost of poor-quality data in the average organisation ranges between 10pc and 30pc of turnover as information needs to be checked, rechecked, and corrected before it can be used.
This seems to be an accepted 'cost of doing business' so the certainty that your current data-handling practices are costing you money isn't getting as much attention as the relatively remote possibility of a 4pc of turnover fine.
In one Irish organisation Castlebridge has worked with, the cost of non-quality in its reporting processes was 11pc of its total payroll cost.
The GDPR dividend here for organisations of all sizes comes from the fact that it requires you to think about how information about people is being processed in your organisation, think about why you have it and it also requires you to document those core processes and ensure you have processes in place to identify and fix errors in data when you find them.
Putting in the right model of response for GDPR can also help your sales cycles.
Research recently published by technology company Cisco found that nearly two-thirds of organisations experience sales delays due to customer data privacy concerns.
Organisations with less mature privacy practices have an average of 16.8 weeks delay in their sales cycle. Organisations with mature privacy practices experienced sales delays of just 3.4 weeks.
As Robert Waitman of Cisco said: "Delays in sales can cause companies to miss quarterly and annual targets, lose revenue, and damage their reputations. For most companies, reducing sales delays is well worth the initial investment in data privacy."
Investing in GDPR can help reduce your sales cycles through improved understanding of your sales processes, better management of customer data, and establishing the basis for your customers and your employees to trust you based on your practices for governance, transparency and accountability for personal data.
In that context, it's important to recall that the consistent trend in consumer research internationally over the past 20 years is that people care about their data.
This trust issue is not just limited to platforms such as Facebook, but can impact even small businesses or not-for-profits.
It is this trust factor that shortens sales cycles. It is this trust factor that improves customer (or donor) retention. It is this trust factor that attracts new customers, employees, or investors.
Apple has built its business strategy around ensuring that the users of their products and services can trust how their data is stored.
Facebook, by comparison, has lost over 13pc of its value in the past few days due to concerns about how it handles personal data of its users.
Increasingly, a good grasp of data protection implications of business models in technology companies is driving both innovation and investment decisions.
GDPR puts data subjects more directly in control of what happens with their data, building on the existing principles of data protection and data privacy that have been established in Europe for over 30 years.
The dividend for organisations that embrace the opportunity of GDPR will be an improved level of trust and engagement with their customers and other stakeholders, underpinned by the internal accountability for what happens with data about people that GDPR requires organisations to instil.
Ultimately, as people become more aware of their rights in relation to their data and become more aware of how data about them or relating to them can be used, misused, or abused, they will ask questions of your organisation.
The better prepared your staff are to answer those questions transparently and confidently, the better the benefits for your brand.
More importantly, the less your staff are faced with complaints they can't handle or with negative feedback about the organisation they work for, the better their morale.
An investment in doing the additional things that GDPR requires of organisations (document processes, improve transparency, improve governance) will help your brand and staff morale.
Rather than seeing the potential penalties under GDPR as the chains on Marley's ghost, smart organisations will learn the lessons of past failings in how information is handled by them, or by others.
They will take steps now to understand how they are using and handling personal data in the present.
By embracing the opportunities for better data management that the GDPR brings, they will begin to make changes that will save money, support efficiencies, and improve the value of their brand in the long term.
- Daragh O Brien is founder of Castlebridge, a firm specialising in information trust. He is one of the speakers at Dublin Data Sec 2018 - Ireland's GDPR event - which takes place on April 9, 2018 in the RDS Concert Hall. DataSec is an Independent News & Media event. Please visit independent.ie/datasec2018 for further information and tickets