In today’s digitally connected world, infinite quantities of data are produced by consumers daily at a mind-boggling pace and volume. The implementation of the General Data Protection Regulation (GDPR) will give consumers greater control over how their data is used, and with the regulation coming into force on 25th May 2018, it’s imperative for businesses impacted to put plans into place to ensure they are ready. The cost of non-compliance is serious penalties of up to €20 million or 4% of global annual turnover – whichever is higher. Despite these severe sanctions, Gartner has predicted that over 50% of companies affected by GDPR will not be fully compliant by the end of 2018.
With under three months left to prepare, here are four areas for businesses to consider, to make sure they are ready for GDPR implementation:
Privacy and data protection: More than just security
Focusing on security without privacy would be like having a house made of bullet-proof, transparent glass. No one will get inside, but an individual’s personal life is still on display to all. In today’s connected era, organisations should be integrating privacy functions within their business activities alongside data security measures. This will be crucial for maintaining customer trust when their enhanced rights come into effect in May.
Proactive proof of compliance
The ‘but we’ve always done it that way’ excuse will not cut it under the GDPR. Organisations will need to establish and maintain evidence logs, ready to submit to regulators in the event that a complaint is made against them, and prepare for further evidence that may be required in future.
Be aware of biometric data
Under the GDPR, biometric data will be classified as ‘special category data’, meaning privacy, identity and security will be critical to the next generation of data-driven businesses. If biometric data is to be collected, careful consideration must be given to the implications of a data breach in which the very essence of an individual, their uniquely personal identifiers, is lost or in some way compromised.
Frictionless payments: a convenience vs security conundrum
Increasing adoption of biometrics and digital identity technologies has paved the way for frictionless payments to become a full-blown reality. But as new and more convenient payment methods come to the forefront, so too do new forms of fraud to exploit them. Paysafe’s Lost in Transaction research shows the balance between security and convenience in these emerging technologies is a delicate one, so before businesses look to bring new payment capabilities into their offerings, they should ensure these technologies have the tool kits and resilience to protect data against threats in the post-GDPR landscape.
From a payments perspective, all of these considerations are geared towards the overarching requirement of GDPR: any business operating in the EU needs to be airtight and infallible in meeting the evolving security demands of a changing payments landscape. While this prospect may seem daunting, the key for businesses preparing for the GDPR lies in a simple change of perspective – meeting the regulation’s requirements is not a problem to overcome, but an opportunity to be seized.
If Gartner’s predictions are validated, only half of businesses will be able to protect their customers’ data and privacy to an acceptable standard by the end of the year. This not only leaves the stragglers at risk of significant fines, but also offers a source of competitive edge for those who can comply. A company in compliance with GDPR is one that can offer consumers peace of mind and power over their personal information, and this will prove to be an influential factor in consumer choice following the 25th May deadline.
The regulation also has advantages for small and medium-sized businesses. In most modern economies, SMBs drive a substantial portion of revenues, and the GDPR is intended to make trading easier and stimulate growth in this sector. Being small is less of a disadvantage in today’s digital world, because SMBs are more agile and adaptable to changes in data protection requirements. By harnessing the requirements of GDPR quickly, SMBs can level the playing field and increase their competitiveness against bigger organisations.
Although GDPR has been brought in to harmonise data privacy laws, it is set to disrupt the current business landscape as we know it. Any company that controls or processes personal data of EU residents needs to use these next few weeks to its advantage and ensure it knows its data workflow and all its intricacies, from where the data is located and backed up to supplier access. Failing to meet the legislation can jeopardise businesses of all sizes with hefty fines, so to avoid this, businesses should take these considerations on board to bring quick wins to their GDPR compliance strategy.