GDPR should be seen as an opportunity to make data leaner and to save costs
22 February 2018
Many organisations still do not have the processes to fully assess cyber risk and its business impact. It is true that 79% of public company boards are more involved with cybersecurity now than they were 12 months ago, but still 23% of corporate directors do not even know if they have a cyber breach/incident response plan in place. According to BDO in the USA’s 2017 Board survey, only 52% of organisations are adequately set up for regular cyber security risk assessments and only 40% of organisations are able to assess vendor risk .
Replace box thinking
In a new white paper, BDO calls on enterprises to replace box ticking with P&L thinking when it comes to GDPR. BDO’s report demonstrates how mature information security and data privacy programmes can enhance a company’s employee professionalism and reinforce its public reputation The paper notes that the cost of ‘bad’ data is estimated to cause between a 15% and 25% loss of income for most companies.
Article 32 of the GDPR ‘security requirements’, requires organisations be more structured and formal in their protection and use of personal information. The investment and resources allocation that this demands will see organisations end up with streamlined performance and reduced data management costs. This can be seen essentially as a lean data revolution:
- GDPR requires ‘data minimisation’ – in other words, only collecting, using and retaining what is necessary for processing, and discarding extraneous and expired information.
- Controlling data costs - This is in stark contrast with a ‘gather it all and sort it out later’ or ‘keep everything indefinitely - just in case - because storage is cheap’ philosophies that many businesses have accidentally adopted
- Dormant data - perhaps more importantly, with the GDPR transformation expected to purge the ‘haystack’ of expired, extraneous information, staff will find the ‘needle’ they are seeking more quickly and be less apt to use outdated information to support decisions. ‘Bad’ data has been seen to leading to an astonishing 15% to 25% loss of income for most companies .
Companies preparing for GDPR should think beyond penalty avoidance. GDPR is a springboard, a process in which companies can transform and build a stronger foundation for both execution and strategy. Businesses should expect to lower the cost of infrastructure and operations and to be able to unlock information to support business decisions. A clear picture of data flows provides insight for improvement, leading to safer, more efficient and less costly operations. BDO expects to see GDPR preparations lay the foundation for organisations’ digital future and assist identifying new growth opportunities, for example through lean data, rather than big data.